Health App Publishers Need to Make Greater Efforts on Data Protection

By August 08, 2013

Very few of the apps available in the mobile health sector show sufficient regard for user privacy.

Only 43% of the free m-health apps recently placed under the microscope by Californian not-for-profit organisation Privacy Rights Clearinghouse contain a link to information on the app’s privacy policy, and just 20% of the paid-for apps investigated do so. For their report, entitled Mobile Health and Fitness Apps: What Are the Privacy Risks?, the authors looked at a sample of 43 apps, of which 20 were paid-for. The figures are especially alarming given that none of the apps examined seemed to be doing a particularly good job of protecting users’ data privacy.

Even sensitive data may be unprotected

Privacy Rights Clearinghouse found that 17 out of the 43 apps, i.e. 40% of them, collect highly sensitive information – the user’s address, full name, geolocation, date of birth and postal code. Some 32% were found to represent a moderate risk for the user, given that they can capture an email address, names of friends or fields of interest, while 28% capture only rather less important data – e.g. noting the type of device being used or employing fully anonymous user tracking. Moreover, some 35% of the teams behind free apps tend to share information with third parties, as against 30% for paid apps. In these cases the data is then likely to be sold on to advertising firms to help them target their campaigns. Unsurprisingly, this happens more often with free apps than with paid-for ones: for 43% of the free apps, compared with only one of the paid-for apps in the sample.

Taking steps to safeguard one’s privacy

The report also advises users on what they should do to protect themselves from personal data exposure. Privacy Rights Clearinghouse’s first recommendation is, of course, that you should think carefully about the type of information you provide to the app. You should, moreover, start from the basic assumption that any information you give may be sold on to third-party organisations. The authors also advise users to choose paid-for rather than free apps if possible, as the former are judged less risky. You should then also try to restrict the personal details you provide when configuring your apps. Finally, a step which not everyone remembers to take: if you stop using an app, you should delete it from your mobile device and also delete the personal profile you have built up while using it.

© L’Atelier BNP Paribas