Privacy Concerns Examined Regarding Use of Mobile Health Apps

Most health-related mobile applications (mHealth apps) contain code that could potentially collect user data, according to a study published online June 16 in The BMJ.

Gioacchino Tangari, Ph.D., from Macquarie University in Sydney, and colleagues conducted a cross-sectional study to examine whether and what user data are collected by mHealth apps and to assess associated risks to privacy. Data were included for users of 20,991 mHealth apps. In-depth analysis was performed on 15,838 mHealth apps that were free to download. These apps were compared to 8,468 non-mHealth apps.

The researchers found that code that could potentially collect user data was included in 88 percent of mHealth apps. User information was transmitted in the traffic of 3.9 percent of apps. External service providers (third parties) were involved in most data collection operations in app code and data transmissions. The top 50 third parties accounted for 68 percent of the data collection operations in app code and data transmissions in app traffic. Of user data transmissions, 23 percent occurred on insecure communication protocols. Overall, 28.1 percent of apps provided no privacy policies, while less than half (47 percent) of user data transmission complied with the privacy policy. Concerns about privacy were raised in 1.3 percent of user reviews.

"Such privacy risks should be articulated to patients and could be made part of app usage consent," the authors write. "We believe the trade-off between the benefits and risks of mHealth apps should be considered for any technical and policy discussion surrounding the services provided by such apps."