Mobile Health Apps Plagued by Privacy Issues, Study Finds

Health and fitness apps, which help mobile-phone users track everything from calorie intake to menstruation dates, can access and share personal data in a way that’s concerning, according to a study published in the British Medical Journal.

The analysis of more than 20,000 apps found that inadequate privacy disclosures for many of them prevented users from making informed choices about their data. One third could collect user email addresses and many more transmitted data to third parties such as advertisers.

The findings come as the pandemic further boosts mobile-phone use and technology companies try to balance privacy demands with the financial needs of developers and advertisers. Google said it would create a new safety section in its Play mobile-app store, while Apple Inc. debuted an anti-tracking feature this year.

The sensitive nature of the information users share on health apps — such as health conditions or disease symptoms — poses heightened privacy risks.

Yet among the health apps included in the study, 28% didn’t offer any privacy policy text, according to researchers from Australia’s Macquarie University. And at least a quarter of user-data transmissions breached what was set out in the policies offered. As many as 88% of the apps reviewed could access and potentially share personal information, the researchers said.

The study looked at over 15,000 free health apps in the Google Play store and compared their privacy practices to those of more than 8,000 non-health apps. The authors said the research was currently only an observational finding, and had some limitations, though they said it was a broad assessment of the apps compared with previous research.