Researchers analysed more than 20,000 health apps and found that the vast majority - or about 88%, were built with the ability to collect or share user data, according to a study published in the British Medical Journal.
This cross-sectional study, based in Australia investigated whether and what user data are collected by health related mobile applications (mHealth apps) in order to characterise the privacy conduct of all available mHealth apps on Google Play, and to gauge the associated risks to privacy.
Investigators gathered data on users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness) found in the Google Play store and conducted in-depth analysis on 15 838 apps that did not require a download or subscription fee as well as 8468 baseline non-mHealth apps for comparison.
Study outcomes focused on characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews.
Study authors report that 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% of apps studied transmitted user information in their traffic. They found that most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties).
Other Key Findings:
- the top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively)
- 23.0% (724) of user data transmissions occurred on insecure communication protocols
- 28.1% (5903) of the studied applications provided no privacy policies
- 47.0% (1479) of user data transmissions complied with the privacy policy
- 1.3% (3609) of user reviews raised concerns about privacy
Source: BMJ
Photo: iStock
