Mobile Health Applications Jeopardize User Privacy

App criteria included 100,000 to 10 million downloads and a minimum rating of 3.5 out of 5 points. All chosen apps managed, stored, and monitored users’ biomedical data, including health conditions, diseases, or medical agendas. The researchers then conducted static and dynamic analysis of the apps, along with tailored testing of each application’s functionalities.

The results revealed that only 20% of the analyzed applications stored data on users’ smartphones, with half of the apps also sharing personal data--both text data and multimedia such as X-ray images--with third parties. One in two apps requested and then.. managed users’ login passwords without a secure hypertext transfer protocol (HTTPs) connection, transmitting users’ health data through standard URL links, thus making the data accessible to anyone with access to those links.

Some apps required access to geolocation data, microphones, camera, contacts list, an external storage card or Bluetooth communication, although the apps’ functionality did not depend on it. In 20% of the cases, the apps either did not refer users to a privacy policy, or the policy content was not available in English. After informing app developers about their findings, researchers noticed some issues had been corrected, such as unsafe health data transfers; but other issues, such as app usage data leaks, had not been addressed at all. The study was published on January 29, 2018, in IEEE Access.

“Recent advances in hardware and telecommunications have enabled the development of low cost mobile devices equipped with a variety of sensors. As a result, new functionalities, empowered by emerging mobile platforms, allow millions of applications to take advantage of vast amounts of data,” concluded senior author Agusti Solanas, PhD, of the URV department of computer engineering and mathematics, and colleagues. “We strongly support the use of mobile health apps, but users must know that apps’ popularity does not ensure privacy and security. People need to become more aware of the risks they are facing.”

Related Links:
University of Piraeus
Rovira i Virgili University