Home GoAndroid Android health apps pegged as major security and privacy risk

Android health apps pegged as major security and privacy risk

Aug 24, 2016

Android health apps pegged as major security and privacy risk Before you jump the bandwagon of installing Android health apps to monitor your daily calorie intake, diabetes levels, or some other health related statistics, we would like to draw your attention to a study that has shown that a number of Android health apps leak data to third parties and this is a huge security and privacy risk.

The study by researchers at Illinois Institute of Technology Chicago-Kent College of Law, Chicago, and colleagues examined the privacy policies of Android health apps – specifically the ones to do with diabetes and looked at how information is shared. They found that quite a few of these Android health apps didn’t have a privacy policy and that from those, some of the apps leaked data.

One of the prime motivations behind the study of Android health apps is that 20 per cent of smartphone owners had at least one health app installed on their smartphone in 2012. These apps can transmit sensitive medical data, including disease status and medication compliance. Privacy risks and the relationship between privacy disclosures and practices of health apps are understudied. For this study, the researchers identified all Android diabetes apps by searching Google Play using the term diabetes, and collected and analyzed privacy policies and permissions. The authors installed a random subset of apps to determine whether data were transmitted to third parties, defined as any website not directly under the developer’s control, such as data aggregators or advertising networks.

Most of the 211 diabetes apps (81 per cent) in the study did not have privacy policies. Only 4 policies said they would ask users for permission to share data. In the transmission analysis that included 65 Android health apps, sensitive health information from diabetes apps (e.g., insulin and blood glucose levels) was routinely collected and shared with third parties, with 86 percent of apps placing tracking cookies and 76 per cent without privacy policies. Of the 19 apps with privacy policies that shared data with third parties, 11 apps disclosed this fact, whereas 8 apps did not.

“This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties. The sharing of sensitive health information by apps is generally not prohibited by the Health Insurance Portability and Accountability Act,” the authors write.

“Patients might mistakenly believe that health information entered into an app is private (particularly if the app has a privacy policy), but that generally is not the case. Medical professionals should consider privacy implications prior to encouraging patients to use health apps.”