Privacy Rights Clearinghouse took a long look last week at the privacy and security risks associated with mobile health and fitness apps instead of the usual focus on medical applications. Although these apps are sometimes free and often beneficial to users' overall health, attorney Linda Ackerman and Privacy Rights Clearinghouse found in the “Mobile Health and Fitness Applications and Information Privacy” study that there are more privacy risks than patients probably realize.
The company came to this conclusion after analyzing 43 popular health and fitness apps, both free and paid, that don’t go into enough detail for customers on their privacy policies. Half of the 43 apps were on Apple’s iOS and half were on Google’s Android, and each type (free and paid) was chosen by a different selection process. Privacy Rights Clearinghouse chose free apps that appeared to be medical or health-related based on what it heard from the media. It looked for categories such as behavioral health, health and fitness, diet, pregnancy and “stop smoking” in the Apple App Store and Google Play store. Paid apps were chosen based on what Google Play and the Apple App Store listed as their top 200 paid apps in the health and fitness category.
There were 23 free and 20 paid apps, but Privacy Rights Clearinghouse did not name specific applications or developers because it is not a seal or certification authority and, as a policy, does not endorse or criticize specific products or companies. After testing applications on four different mobile devices, two tablets and two smartphones, it did not notice any particular differences between the different types of devices or the operating system platforms in how the apps worked or what the privacy risks were.
These were some results that Privacy Rights Clearinghouse didn’t see coming:
- Only 13% of free apps and 10% of paid apps encrypted all data connections and transmission between the app and the developer’s website(s).
- Many apps send data in the clear – unencrypted – without user knowledge.
- Many apps connect to several third-party sites without user knowledge.
- Unencrypted connections potentially expose sensitive and embarrassing data to everyone on a network.
- Nearly three-fourths, or 72%, of the apps we assessed presented medium (32%) to high (40%) risk regarding personal privacy.
- The apps which presented the lowest privacy risk to users were paid apps. This is primarily due to the fact that they don’t rely solely on advertising to make money, which means the data is less likely to be available to other parties.
The company concluded that, from a privacy perspective, mobile health and fitness applications do not do a great job protecting users’ privacy:
Consumers who have no hesitation about sharing personal information will probably find value in sharing the details of their pregnancies by linking their app with Facebook, participating in app-based chat groups and posting photographs of themselves as their pregnancies progress. Others will find that socializing their diet or exercise regimes provides support or competition that helps motivate them.