Very few of the apps available in the mobile health sector show sufficient regard for user privacy.
Even sensitive data may be unprotected
Privacy Rights Clearinghouse found that 17 out of the 43 apps, i.e. 40% of them, collect highly sensitive information – the user’s address, full name, geolocation, date of birth and postal code. Some 32% were found to represent a moderate risk for the user, given that they can capture an email address, names of friends or fields of interest, while 28% capture only rather less important data – e.g. noting the type of device being used or employing fully anonymous user tracking. Moreover some 35% of the teams behind the development of free apps tend to share information with third parties, as against 30% of paid apps where this is the practice. In these cases the data is then likely to be sold on to advertising firms to help them target their campaigns. Unsurprisingly this happens more often with free apps than paid-for ones, i.e. for 43% of the free apps, compared with only one of the paid-for apps in the sample.
Taking steps to safeguard one’s privacy
The report also sets out to advise users on what they should do in order to protect themselves from personal data exposure. Privacy Rights Clearinghouse’s first recommendation is of course that you should initially think carefully about the type of information you provide to the app. You should moreover start with the basic assumption that any information you give may be sold on to third party organisations. The authors also advise users to choose paid-for rather than free apps if possible as the former are judged less risky. You should then also try to restrict the personal details you provide when configuring your apps. Finally a step which not everyone remembers to take: if you stop using an app, you should delete it from your mobile device and also delete the personal profile you have built up while using it.