Popular health apps share data with third parties, study shows

Tauren Dyson
About 79 percent of health apps shared user's medical data with outside companies. Photo by Jazz Guy/Wikimedia Commons
About 79 percent of health apps shared user's medical data with outside companies. Photo by Jazz Guy/Wikimedia Commons

March 21 (UPI) -- The widespread use of mobile health apps can help more people locate prescriptions and remember to take pills. But this technology also opens people up to have all of that medical information passed along to third parties without their knowledge, a new study shows.

About 79 percent of health apps shared users medical data with outside companies, according to research published Thursday in The BMJ.


"Privacy regulators should consider that loss of privacy is not a fair cost for the use of digital health services," Quinn Grundy, an assistant professor at the University of Toronto and University of Sydney School of Pharmacy, Charles Perkins Center, said in a press release.

Researchers examined 24 top rated health-related apps available for Android mobile devices in the U.S., U.K., Canada and Australia. The interactive apps, available to anyone who downloaded them, gave information about medicine dispensing, administration, prescribing and use.

RELATED App may save opioid users from overdose by tracking breathing

After downloading each app onto a smartphone and feeding them fake information from four scripts, the researchers found that 55 third-party companies, including developers and service providers, took in and processed that data.

"The idea is to capture a baseline of the normal network data that an app causes, and then change privacy-related settings in the app. The places where the new settings turn up in any fresh network data shows us where and to whom the app is leaking it."


Additionally, those third-parties promoted the ability to share that data with 216 fourth parties, including tech, telcom, digital advertising and consumer credit companies. Only three of those companies were health-related.

RELATED OCD symptoms could be reduced with 'brain-training' app, study says


"Most health apps fail to provide privacy assurances or transparency around data sharing practices," she said. "User data collected from apps providing medicines information or support may also be particularly attractive to cybercriminals or commercial data brokers."

Those companies, which include Google's parent company Alphabet, Facebook and Oracle, were capable of collecting and re-identifying user data.

"Health professionals need to be aware of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent," Grundy said. "Regulators should also emphasize the accountabilities of those who control and process user data, while health app developers should disclose all data sharing practices and allow users to choose precisely what data are shared and where."

RELATED FDA approves first consumer app for contraceptive use

Latest Headlines