Mobile health apps can help individuals manage chronic health conditions.1 One-fifth of smartphone owners had health apps in 2012,2 and 7% of primary care physicians recommended a health app.3 The US Food and Drug Administration has approved the prescription of some apps.4 Health apps can transmit sensitive medical data, including disease status and medication compliance. Privacy risks and the relationship between privacy disclosures and practices of health apps are understudied.
Sarah R. Blenner, JD, MPH1; Melanie Köllmer, PhD1,2; Adam J. Rouse, JD, LLM1; Nadia Daneshvar, MPH1; Curry Williams, AS1; Lori B. Andrews, JD1
On January 3, 2014, we identified all Android diabetes apps by searching Google Play using the termdiabetes. Android is the most popular mobile operating system worldwide with 82.8% market share (compared with Apple iOS’s 13.9%).5 We collected and analyzed privacy policies and permissions (disclosures of what apps can access or control on the device) for apps that remained 6 months after our initial search. Because consumers may want to know about privacy protections before choosing an app, we determined which apps had policies available predownload and what the policies protected. Then we installed a random subset of apps to determine whether data were transmitted to third parties, defined as any website not directly under the developer’s control, such as data aggregators or advertising networks.
We identified 271 diabetes apps and chose a random sample of 75 for the transmission analysis. Within 6 months, 60 apps became unavailable, leaving 211 apps in the sample and 65 apps in the subset. Most of the 211 apps (81%) did not have privacy policies. Of the 41 apps (19%) with privacy policies, not all of the provisions actually protected privacy (eg, 80.5% collected user data and 48.8% shared data) (Table 1). Only 4 policies said they would ask users for permission to share data.
Permissions, which users must accept to download an app, authorized collection and modification of sensitive information, including tracking location (17.5%), activating the camera (11.4%), activating the microphone (3.8%), and modifying or deleting information (64.0%) (Table 2).
In the transmission analysis, sensitive health information from diabetes apps (eg, insulin and blood glucose levels) was routinely collected and shared with third parties, with 56 of 65 apps (86.2%) placing tracking cookies; 31 of the 41 apps (76%) without privacy policies, and 19 of 24 apps (79%) with privacy policies shared user information, which was not statistically significantly different (N = 65; χ21 = 0.11, P > .25). Of the 19 apps with privacy policies that shared data with third parties, 11 apps disclosed this fact, whereas 8 apps did not.
This study demonstrated that diabetes apps shared information with third parties, posing privacy risks because there are no federal legal protections against the sale or disclosure of data from medical apps to third parties.6 The sharing of sensitive health information by apps is generally not prohibited by the Health Insurance Portability and Accountability Act.
This study is limited to Android apps and privacy policies available predownload in 2014, and the apps in the subset may not be a representative sample due to withdrawal of some apps. In November 2015, 143 of the 211 original apps, and 53 of the 65 apps in the subset (23 with and 30 without privacy policies) were still available. There were no major changes in the number of privacy policies (only 2 in the subset added policies), and policies had not been modified to protect consumer data from being shared with third parties.