Mobile health apps pose serious data privacy exposure risk, study finds
A recent study, published by BMJ, has identified some big loopholes in the privacy and security practices of mobile health applications.
According to the findings, it is essential that healthcare providers know about the inadequate privacy practices of mobile health apps available on Google Play and are able to inform patients about the risks and benefits of using these apps.
The study analyzed more than 21,000 mobile health apps available on the Australian Google Play store, which the study treats as a proxy for the worldwide Google Play market.
The results showed that 88% of the apps were able to harvest and potentially share patient information. However, data sharing was found in less than 4% of those apps. Furthermore, the study found that the sharing observed via automated testing is a lower bound on the data actually shared by the apps worldwide. Third parties were responsible for more than 87% of the information collection practices.
Around 70% of the information collection processes in apps are connected to 50 prominent services, with Google-owned services receiving 34% of the transmitted data and Facebook 14%. Even though mobile health apps collect and share less data than other apps, they are still able to collect a huge amount of personal user information.
Out of the total, only 55% of the data-collecting apps actually abided by the standards established in their privacy policies.
According to the analyst, “Such privacy risks should be articulated to patients and could be made part of app usage consent. We believe the trade-off between the benefits and risks of mHealth apps should be considered for any technical and policy discussion surrounding the services provided by such apps.”
“We must also advocate for greater scrutiny, regulation, and accountability on the part of key players behind the scenes — the app stores, digital advertisers, and data brokers — to address whether these data should exist and how they should be used, and to ensure accountability for harms that arise,” they said.