A new study reports problems with privacy practices in more than 20,000 Australian health-related mobile applications.
A new study from Macquarie University found that among 20,991 health-related apps, 88% contained computer code that could potentially be used to collect user data and about 616 apps transmitted user information in their traffic.
Furthermore, the study found that most of the data collected and transmitted involved third parties, or external service providers, such as Google, Facebook, PayPal, New Relic, Stack and Pushwoosh.
According to the authors of the study, users of these health apps “should be informed on the privacy practices of these apps and the associated privacy risks before installation and use”.
About the findings
Currently, there are nearly 100,000 apps in Google Play and the Apple store that deal with medical, health or fitness issues. These so-called ‘mHealth apps’ are used for a wide range of services, such as managing health conditions, checking symptoms, counting calories, or tracking women’s periods, among other applications.
While these apps are legally allowed to use and share user data, inadequate privacy disclosures have been found in many mHealth apps, the authors say. In this study, the authors focused on mHealth apps currently found on Google Play, about 20,991, and compared their health privacy practices to a random sample of 8,000 non-health apps.
Their key finding was that mHealth apps collected less user data than other non-health apps, but 88% of these mHealth apps had embedded computer code that could access and potentially share personal data.
Some of the information collected by these mHealth apps included app cookies, which are “small text files used for customising web browsing and app experience, but also for generating online user profiles,” the authors explained. Other data commonly collected were users’ email addresses and their current cell tower location.
This information is normally transmitted to third parties, which use the information as part of so-called big-data analyses, with a potentially wide range of applications. “These sources of big data are commercialised, often as consumer insights or algorithms, and used to deliver microtargeted adverts, influence political behaviours, or make decisions about health insurance, employment, and housing, sometimes with exploitive or discriminatory effects,” said researchers in an accompanying editorial.
While only 4% of the analysed mHealth apps actually transmit personal data, researchers say this is a substantial number, as it involves over 600 apps.
“This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps,” the authors conclude.
The recently published study was the result of a collaboration among researchers from the Macquarie University Cyber Security Hub and Centre for Health Informatics, including:
- Gioacchino Tangari (Postdoctoral Research Fellow, Macquarie University Cyber Security Hub, Macquarie University);
- Muhammad Ikram (Lecturer, Macquarie University Cyber Security Hub, Macquarie University);
- Kiran Ijaz (Postdoctoral Research Fellow, Centre for Health Informatics, Macquarie University);
- Mohamed Ali Kaafar (Professor, Macquarie University Cyber Security Hub, Macquarie University);
- Shlomo Berkovsky (Associate Professor, Centre for Health Informatics, Macquarie University).