Thousands of mobile health apps have “serious problems with privacy”, a study suggests.
Researchers from Macquarie University in Australia examined more than 15,000 medical and health and fitness-related apps on the Google Play Store and compared their privacy practices with a random sample of over 8,000 non-health apps.
The study, which has been published by the British Medical Journal (BMJ), found that while health apps tended to collect less user data than other apps, 88% could access and potentially share personal data, such as a user’s email address and geolocation information.
It also highlighted that although only 4% of the health apps tested actually transmitted data, this was still a substantial figure and should be a point of concern.
The researchers said this was because more than 87% of the data collection and 56% of the data transmission was on behalf of third-party services such as advertisers and tracking providers.
Online trackers can be used to follow someone around the internet gathering data on a user’s habits, which can then be used to build a profile of them and help serve them advertising.
Furthermore, the study raised concerns about data security, with its findings suggesting that 23% of user data transmissions took place on insecure communication channels.
The most common third parties responsible for the data collection within the apps were found to be tech firms including Google and Facebook.
“This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps,” the researchers said of their findings.
“Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mobile health (mHealth) apps.”
The study calls on consumers to take advantage of privacy settings that can help users better protect their privacy, but urged the industry to also do more.
“We must also advocate for greater scrutiny, regulation, and accountability on the part of key players behind the scenes – the app stores, digital advertisers, and data brokers – to address whether these data should exist and how they should be used, and to ensure accountability for harms that arise,” the study said.