Many individuals use mobile apps to monitor their health, learn about specific medical conditions, and achieve personal fitness goals. Apps in the “wellness” space include those that support diet and exercise programs; pregnancy trackers; behavioral and mental health coaches; symptom checkers that can link users to local health services; sleep and relaxation aids; and personal disease or chronic condition managers.
After studying 43 popular health and fitness apps (both free and paid) from both a consumer and technical perspective, it is clear that there are considerable privacy risks for users – and that the privacy policies for those apps that have policies do not describe those risks. However, these apps appeal to a wide range of consumers because they can be beneficial and convenient, and are often free to use.
Consumers should not assume any of their data is private in the mobile app environment—even health data that they consider sensitive. Users must weigh the benefits of the service against the realistic possibility that they are revealing information about their health not only to the app developer or publisher but also to third parties.
We performed a technical risk assessment to determine what data the apps collected, stored, and transmitted over the network. In other words, we “looked under the hood” to view the actual flow of personal information back to the app developer and to third parties.
Our tips for consumers:
For more information about the PRC’s mobile medical apps study:
Our mobile apps privacy project was funded by the California Consumer Protection Foundation. We are grateful for its support.