Image: Many health apps do not safeguard user data (Photo courtesy of Getty Images).
A majority of health applications do not meet the legal requirements meant to prevent inappropriate and uncontrolled data disclosure to third-party companies.
Researchers at the University of Piraeus (Greece) and Rovira i Virgili University (URV; Tarragona, Spain) conducted a study that evaluated 20 popular mobile health apps available for free on Google Play. App criteria included 100,000 to 10 million downloads and a minimum rating of 3.5 out of 5 points. All chosen apps managed, stored, and monitored users’ biomedical data, including health conditions, diseases, or medical agendas. The researchers then conducted static and dynamic analysis of the apps, along with tailored testing of each application’s functionalities.
The results revealed that only 20% of the analyzed applications stored data on users’ smartphones, with half of the apps also sharing personal data, both text data and multimedia such as X-ray images, with third parties. One in two apps requested and then managed users’ login passwords without a secure Hypertext Transfer Protocol (HTTPS) connection, transmitting users’ health data through standard URL links, thus making the data accessible to anyone with access to those links.
“Recent advances in hardware and telecommunications have enabled the development of low cost mobile devices equipped with a variety of sensors. As a result, new functionalities, empowered by emerging mobile platforms, allow millions of applications to take advantage of vast amounts of data,” concluded senior author Agusti Solanas, PhD, of the URV department of computer engineering and mathematics, and colleagues. “We strongly support the use of mobile health apps, but users must know that apps’ popularity does not ensure privacy and security. People need to become more aware of the risks they are facing.”