Mobile health applications regularly collect users’ personal data
- A study of mobile health (mHealth) apps available on the Google Play Store reveals that a large percentage of them are programmed to collect users’ personal data.
- The data collected by more than 15,000 free applications evaluated by the researchers was intercepted and transmitted to 665 third parties.
- MHealth apps collect and share less data than other types of apps, but they still collect a significant amount of personal information about users.
Gone are the days when mobile phone apps were primarily meant to crush cartoon pigs, let alone just make phone calls. Useful applications are now at the heart of the daily life of many people.
According to Statista data, the Apple App Store offers 2.2 million apps for iPhone users, and Google’s Google Play Store offers 3.48 million apps for users of phones with the company’s Android operating system.
Of these, there are an estimated 99,366 medical, health and fitness applications. Collectively, they are referred to as mHealth applications.
The mHealth apps available on the Google Play Store are the subject of a new study by researchers at Macquarie University in Sydney, Australia.
While users may assume that mHealth apps protect the privacy of sensitive health data, the study finds that 88% of these apps sold on the Google Play Store are designed to collect information about users.
The researchers performed an analysis of the free mHealth Google Play Store apps, comparing their collection of personal data with non-mHealth apps. While mHealth apps typically collected less personal information, the study nonetheless found significant collection of user data.
The study appears in the journal
The study authors looked at mHealth apps from the Google Play Store in three ways.
The researchers then downloaded 15,838 free mHealth apps from the store and used a programming tool to reverse engineer the apps to assess their data collection capabilities.
The analysis identified 65,068 data collection routines, an average of about four per application.
Two-thirds of applications could collect advertising IDs and data cookies that track a user’s activity while browsing the Internet. A third of the apps have been programmed to collect a user’s email address – information that can be sold to advertisers by email en masse – and about a quarter could provide developers with the location of a user. user.
Finally, the researchers launched each application and observed the silent transmission of personal data. Of the applications tested, 616, or 3.9%, were observed sending user data.
However, since the researchers did not fully test all the functionality of every application, their observations likely describe the minimum amount of data collection and transmission performed.
By analyzing the intercepted traffic, the researchers found that personal data was transmitted to 665 unique third-party entities.
Google received 34% of the personal data transmitted, followed closely by Facebook, with 14%.
The main types of data sent from a user’s device included contact information, location, device IDs, and application cookies. User email addresses accounted for 33% of the data intercepted and the current user cell tower, 25%.
Only 55% of data collection applications met the standards set out in their privacy policies.
Much of the data – up to 23% – was also transmitted using unencrypted HTTP, as opposed to HTTPS, further exposing users’ personal information to interception.
“In my opinion, even with the increased emphasis on data privacy, mHealth apps are a net positive,” environmental psychologist and wellness consultant Lee chambers Told Medical News Today. “However, several important areas need improvement across the spectrum, including increasing trust, improving functionality, clarity over privacy, assurance of content, and usability.”
The editorial says that “[p]The regulation of rivability is also still largely based on the idea that an “informed consumer” can choose applications with adequate guarantees of confidentiality. “
Its authors note, however, that the frequent lack of published privacy policies identified by Macquarie researchers undermines such transparency.
“I think we have to expect data privacy and have full clarity on how our data will be stored, used and protected. Persistent concerns about this limit their use both initially and in the longer term, ”Chambers commented.
The authors of the editorial conclude:
“We also need to advocate for increased scrutiny, regulation and accountability from key players behind the scenes – app stores, digital advertisers and data brokers – to determine whether these data must exist and how it is to be used, and to ensure liability for any damages that occur.