Some Australian Research Pointing Out The Risks And Problems Associated With Many Health Apps.

This appeared last week:

Research

Mobile health and privacy: cross sectional study

BMJ 2021; 373 doi: https://doi.org/10.1136/bmj.n1248 (Published 17 June 2021) Cite this as: BMJ 2021;373:n1248

1.       Gioacchino Tangari, postdoctoral research fellow1,  

2.       Muhammad Ikram, lecturer1,  

3.       Kiran Ijaz, postdoctoral research fellow2,  

4.       Mohamed Ali Kaafar, professor1,  

5.       Shlomo Berkovsky, professor2

·         Accepted 16 May 2021

Abstract

Objectives To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy.

Design Cross sectional study

Setting Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories.

Participants Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store: in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps.

Main outcome measures Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews.

Results 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy.

Conclusions This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps.

Here is the link:

https://www.bmj.com/content/373/bmj.n1248

There is coverage here:

Serious privacy problems found in most health apps

By Juha Saarinen on Jun 18, 2021 6:10AM

Large survey of apps raises concerns.

A large-scale investigation of mobile health apps available in Australia and worldwide suggests that many contain serious privacy issues, with hundreds transmitting user information to third-party service providers.

Researchers at Macquarie University's Department of Computing analysed over 20,000 health apps for Android in Google Play and say patients should be informed about privacy practices before use and installation.

"Our results show that the collection of personal user information is a pervasive practice in 'mHealth' apps, and not always transparent and secure," the researchers wrote.

Since neither Google Play nor the Apple App Store provide privacy auditing functionality, clinicians should check health apps' functionality and articulate that to patients in simple terms.

This includes checking the permissions that health apps request such as accessing sensitive areas of the phone like location data, cameras and microphones.

Clinicians should review health apps' privacy policies and practices as well, the researchers recommended.

However, the researchers also discovered that over 28 percent of the apps in their sample provided no privacy policies.

Google and Apple should examine privacy statements made by developers before their apps become available in the stores, the researchers said.

"Through a vetting process, mobile app marketplaces should ensure that a valid and meaningful privacy policy document is always provided, unlike the current situation, where we observed that the links to privacy policy pages accessible from Google Play were often broken or led to empty webpages," they said.

Even when privacy policies were declared, the researchers found that around half of the apps were not compliant with what was stated. 

User data collection was also a concern.

A total of 15,838 health apps in Google's Play store were analysed in detail, with their privacy practices compared to a random sample of over 8000 non-health programs.

More here:

https://www.itnews.com.au/news/serious-privacy-problems-found-in-most-health-apps-566076

And here:

Doctors urged to be 'careful' over medical apps

Australian research shows that 88% of health and medical apps could access and potentially share personal data

17th June 2021

By Reuters Health

Doctors and patients should be "very careful" when recommending and using medical and health apps, warns the Australian author of an in-depth analysis of more than 20,000 health-related apps available through Google Play.

The BMJ study reveals serious privacy issues with the potential for sensitive health data to be shared with third parties, such as advertisers and analytics and tracking providers, without users' consent.

Up to 88% could access and potentially share personal data.

The researchers say clinicians need to be aware of these issues when discussing the benefits and risks of mobile-health (mHealth) apps with patients and inform them of the potential risks.

"Clinicians and patients alike should be very careful when deciding to use one of the mHealth apps, whether it is for management of health conditions and symptom checking or other purposes such as menstruation tracking," said lead researcher Dr Muhammad Ikram (PhD).

"The vast majority of these apps could not only access, but also would potentially share data with other parties."

"Finally, clinicians recommending mobile apps related to their specialisation area need to be aware of their potential risks and inform their patients," he said

Lots more here:

https://www.ausdoc.com.au/news/doctors-urged-be-careful-over-medical-apps

The articles and the coverage say it all with the main point being to make sure what the app is up to when using it or recommending it to a patient!

David.