Is your health and fitness app sharing your health score with your insurance company? Do health apps pose privacy risks?
I recently had the opportunity to attend a very informative webinar presented by the Privacy Rights Clearinghouse entitled “Mobile Health and Fitness Apps: What Are the Privacy Risks?”
It was based on a nine-month study of the privacy practices of apps that many individuals use to monitor their health, learn about specific medical conditions, and help them achieve personal fitness goals. Such apps may include those that support diet and exercise programs; pregnancy trackers; behavioral and mental health coaches; symptom checkers that can link users to local health services; sleep and relaxation aids; and personal disease or chronic condition managers.
These apps appeal to a wide range of consumers because they can be beneficial, convenient, and are often free to use. However, it is clear that there are considerable privacy risks for users – and that the privacy policies (for those apps that have policies) do not describe those risks.
The most common way that these apps invade your privacy is by connecting to third-party sites and services (imagine having your health score shared with insurance companies!). Doing so without informing users appears to be the norm, not the exception. In fact, more than 75% of free apps and 45% of paid apps use behavioral tracking, often through multiple third-party analytics tools.
Here are some of the key findings of the report:
- Many apps send data in the clear – unencrypted – without user knowledge.
- Many apps connect to several third-party sites without user knowledge.
- Unencrypted connections potentially expose sensitive and embarrassing data to everyone on a network.
- 72% of the apps assessed presented medium to high risk regarding personal privacy.
- The apps that presented the lowest privacy risk to users were paid apps. This is primarily due to the fact that they don’t rely solely on advertising to make money, which means the data is less likely to be available to other parties.
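The two headline findings above, data sent in the clear and undisclosed third-party connections, are exactly what a privacy reviewer looks for in an app's outbound traffic. The script below is an added illustration, not part of the report or of any app it studied: it takes a constructed, simplified summary of an app's network requests (one line per request, with made-up hostnames), flags which hosts are third parties relative to the app vendor's own domain, which requests travel over plain HTTP, and rolls that into a low/medium/high risk label. The scoring rule is an assumption chosen to mirror the report's categories, not the study's actual methodology.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: what a device-side capture of a fitness app's outbound
# requests might look like once summarised. All hostnames are invented.
SAMPLE_CAPTURE = """\
app=StepLog host=api.steplog.example scheme=https path=/v1/sync
app=StepLog host=analytics.tracker-one.example scheme=https path=/collect
app=StepLog host=ads.tracker-two.example scheme=http path=/imp?uid=123&weight=82
app=StepLog host=cdn.steplog.example scheme=http path=/assets/logo.png
"""

LINE_RE = re.compile(
    r"app=(?P<app>\S+)\s+host=(?P<host>\S+)\s+scheme=(?P<scheme>\S+)\s+path=(?P<path>\S+)"
)


@dataclass
class Finding:
    host: str
    path: str
    third_party: bool   # host is not the app vendor's own domain
    cleartext: bool     # request went over plain HTTP


def is_third_party(host: str, first_party_domain: str) -> bool:
    """A host is first-party only if it is the vendor domain or a subdomain of it."""
    host = host.lower()
    first_party_domain = first_party_domain.lower()
    return not (host == first_party_domain or host.endswith("." + first_party_domain))


def audit_capture(capture: str, first_party_domain: str) -> List[Finding]:
    """Parse one request per line and classify each by destination and transport."""
    findings = []
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        findings.append(
            Finding(
                host=m["host"],
                path=m["path"],
                third_party=is_third_party(m["host"], first_party_domain),
                cleartext=(m["scheme"].lower() == "http"),
            )
        )
    return findings


def third_party_hosts(findings: List[Finding]) -> List[str]:
    """Distinct third-party destinations, the list a privacy policy ought to disclose."""
    return sorted({f.host for f in findings if f.third_party})


def risk_level(findings: List[Finding]) -> str:
    """Constructed heuristic: cleartext to a third party is worst, either alone is
    medium, neither is low. This is an assumption, not the report's scoring."""
    if any(f.cleartext and f.third_party for f in findings):
        return "high"
    if any(f.cleartext or f.third_party for f in findings):
        return "medium"
    return "low"


if __name__ == "__main__":
    found = audit_capture(SAMPLE_CAPTURE, "steplog.example")
    for f in found:
        flags = []
        if f.third_party:
            flags.append("third-party")
        if f.cleartext:
            flags.append("CLEARTEXT")
        print(f"{f.host:35} {f.path:30} {' '.join(flags)}")
    print("third-party hosts:", third_party_hosts(found))
    print("overall risk:", risk_level(found))
```

Run as-is, the sample is rated "high" because the ad tracker receives a request over plain HTTP that carries a user identifier and a body weight in the query string, which is the combination the report warns about: sensitive data readable by anyone on the same network, going to a party the user never agreed to share it with.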
Advice for consumers when using fitness or health apps:
- Research the app before you download it.
- Consider using paid apps over free apps if they offer better privacy protections.
- Make your own assessment of the app’s intrusiveness based on the personal information it asks for in order to use the app.
- Assume any information you provide to an app may be distributed to the developer, third-party sites the developer uses for functionality, and unidentified third-party marketers and advertisers.
- Try to limit the personal information you provide, and exercise caution when you share it. If the app allows it, try the features first without entering personal information.
- Ask a tech savvy friend to help you determine what information an app is asking for, help you navigate settings, and potentially help you restrict the information an app gathers.
- If you stop using an app, delete it. If you have the option, also delete your personal profile and any data archive you’ve created while using the app.
I would hope that mobile app developers would create products with privacy in mind and implement responsible information privacy and security practices. Until that time, users should assume that everything in an app is sent to the developer and possibly many unidentified third parties, and so should only use apps and provide information they feel comfortable sharing.
John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.