Nav: Home

Data sharing by popular health apps is 'routine', research finds

March 21, 2019

Mobile health apps are a booming market targeted at both patients and health professionals. Medicines-related apps help patients track their prescriptions and remember to take their pills. They also provide drug information to help clinicians prescribe and administer medications.

However these apps also pose unprecedented risk to consumers' privacy given their ability to collect user data, including sensitive information that is highly valuable to commercial interests, new research demonstrates.

Published in BMJ today, the research team - from the University of Sydney, the University of Toronto and University of California - set out to investigate if and how user data is shared by top rated medicines-related mobile apps. It also sought to characterise privacy risks to app users, both clinicians and consumers.

The researchers found sharing of user data by medicines-related apps is routine but far from transparent, and also identified a small number of commercial entities with the ability to aggregate and potentially re-identify user data.

"Privacy regulators should consider that loss of privacy is not a fair cost for the use of digital health services," said lead author Assistant Professor Quinn Grundy of the University of Toronto and University of Sydney School of Pharmacy, Charles Perkins Centre.

How data is shared

The research team identified 24 top rated medicines related apps for the Android mobile platform in the United Kingdom, United States, Canada, and Australia. All apps were available to the public; provided information about medicines dispensing, administration, prescribing, or use; and were interactive.

They then ran laboratory-based traffic analysis of each app downloaded onto a smartphone, simulating real world use with four dummy scripts.

Privacy leaks were detected using a technique called Differential Traffic Analysis, explained co-author Dr Ralph Holz from the University of Sydney's School of Computer Science.

"The idea is to capture a baseline of the normal network data that an app causes, and then change privacy-related settings in the app. The places where the new settings turn up in any fresh network data shows us where and to whom the app is leaking it."

Of the sampled apps, most - 19 out of 24 or 79 percent - shared user data outside of the app. A total of 55 unique entities, owned by 46 parent companies, received or processed this data, including developers, parent companies (first parties) and service providers (third parties).

Third parties also advertised the ability to share user data with 216 'fourth parties' including multinational technology companies, digital advertising companies, telecommunications corporations, and a consumer credit reporting agency. Only three of these fourth parties could be characterised predominantly as belonging to the health sector.

Several companies, including Alphabet, Facebook, and Oracle, occupied central positions within the network with the ability to aggregate and re-identify user data.

Call for greater regulation and transparency

While it's unclear if iOS apps share user data - and if medicines-related apps share user data more or less than other health apps, or apps in general - the findings remain of concern said Assistant Professor Grundy.

"Most health apps fail to provide privacy assurances or transparency around data sharing practices," she said.

"User data collected from apps providing medicines information or support may also be particularly attractive to cybercriminals or commercial data brokers.

"Health professionals need to be aware of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent.

"Regulators should also emphasise the accountabilities of those who control and process user data, while health app developers should disclose all data sharing practices and allow users to choose precisely what data are shared and where."
-end-
This research was a partnership with the Australian Communications Consumer Action Network (ACCAN) and was funded by the Sydney Policy Lab, the University of Sydney's hub for researchers, policy makers and community to work together to identify solutions to the world's biggest challenges.

University of Sydney

Related Privacy Articles:

Kids, parents alike worried about privacy with internet-connected toys
University of Washington researchers have conducted a new study that explores the attitudes and concerns of both parents and children who play with internet-connected toys.
Study applies game theory to genomic privacy
A new study from Vanderbilt University presents an unorthodox approach to protect the privacy of genomic data, showing how optimal trade-offs between privacy risk and scientific utility can be struck as genomic data are released for research.
When artistic freedom violates somebody's privacy
It can be quite an honor to be included in a literary work -- but it may also be a demeaning experience.
Study examines effect of privacy controls on Facebook behavior
A new study from the Naveen Jindal School of Management at UT Dallas assesses the impact of Facebook's granular privacy controls and its effects on user disclosure behavior.
Mobile app behavior often appears at odds with privacy policies
How a mobile app says it will collect or share a user's personal information with third parties often appears to be inconsistent with how the app actually behaves, a new automated analysis system developed by Carnegie Mellon University has revealed.
Children's health and privacy at risk from digital marketing
For the first time, researchers and health experts have undertaken a comprehensive analysis of the concerning situation in the World Health Organisation European Region regarding digital marketing to children of foods high in fats, salt and sugars
Exploring the relationship of ethics and privacy in learning analytics and design
The Springer journal Educational Technology Research and Development has published a special issue that examines the relationship of ethics and privacy in learning analytics, guest edited by Dr.
Just give me some privacy
Not everyone who strives to navigate the internet without being tracked is up to no good.
System helps protect privacy in genomic databases
In the latest issue of the journal Cell Systems, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and Indiana University at Bloomington describe a new system that permits database queries for genome-wide association studies but reduces the chances of privacy compromises to almost zero.
IU study finds despite expectations of privacy, one in four share sexts
A new study from Indiana University researchers shows that although most people who engage in sexting expect their messages to remain private, nearly one in four people are sharing the sexual messages they receive.

Related Privacy Reading:

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Climate Crisis
There's no greater threat to humanity than climate change. What can we do to stop the worst consequences? This hour, TED speakers explore how we can save our planet and whether we can do it in time. Guests include climate activist Greta Thunberg, chemical engineer Jennifer Wilcox, research scientist Sean Davis, food innovator Bruce Friedrich, and psychologist Per Espen Stoknes.
Now Playing: Science for the People

#527 Honey I CRISPR'd the Kids
This week we're coming to you from Awesome Con in Washington, D.C. There, host Bethany Brookshire led a panel of three amazing guests to talk about the promise and perils of CRISPR, and what happens now that CRISPR babies have (maybe?) been born. Featuring science writer Tina Saey, molecular biologist Anne Simon, and bioethicist Alan Regenberg. A Nobel Prize winner argues banning CRISPR babies won’t work Geneticists push for a 5-year global ban on gene-edited babies A CRISPR spin-off causes unintended typos in DNA News of the first gene-edited babies ignited a firestorm The researcher who created CRISPR twins defends...