Analysis finds serious privacy problems in mobile health apps

Physicians should be aware of the privacy issues when determining the pros and cons of these apps.

A new analysis identifies “serious problems” in the privacy practices of health-related mobile applications (mHealth apps).

According to the analysis, published by BMJ, physicians should be aware of the inconsistent privacy practices of mHealth apps available on the Google Play storefront and be able to articulate them to patients when determining the benefits and risks in using them.

The researchers used a suite of app collection and analysis tools to carry out the analysis of nearly 21,000 mHealth apps available in the Google Play store accessible in Australia, a proxy for the worldwide Google Play marketplace, the study says.

They found that 88 percent of the apps could access and possibly share personal data, though the data transmission was detected in less than 4 percent of the apps. The authors note that the transmission obtained through automated testing was a low bound of the real data shared by the apps. More than 87 percent of the data collection practices were carried out on behalf of third parties, according to the analysis.

About 70 percent of data collection operations in apps are tied to 50 prominent services, with Google-owned services being the most common. The authors note this is likely due to the dominance of Google’s analytics and advertising services, as well as the choice of the Google Play marketplace as the source of the dataset.

While the analyzed data collection appears routine, it is not transparent as 28.1 percent of the mHealth apps offered no privacy policy text while 256 percent of user data transmissions violated the stated privacy policies. These transmissions include sensitive user information such as geolocations and passwords, according to the analysis.

“Such privacy risks should be articulated to patients and could be made part of app usage consent,” the analysis says. “We believe the trade-off between the benefits and risks of mHealth apps should be considered for any technical and policy discussion surrounding the services provided by such apps.”