Nav: Home

Data sharing by popular health apps is 'routine', research finds

March 21, 2019

Mobile health apps are a booming market targeted at both patients and health professionals. Medicines-related apps help patients track their prescriptions and remember to take their pills. They also provide drug information to help clinicians prescribe and administer medications.

However these apps also pose unprecedented risk to consumers' privacy given their ability to collect user data, including sensitive information that is highly valuable to commercial interests, new research demonstrates.

Published in BMJ today, the research team - from the University of Sydney, the University of Toronto and University of California - set out to investigate if and how user data is shared by top rated medicines-related mobile apps. It also sought to characterise privacy risks to app users, both clinicians and consumers.

The researchers found sharing of user data by medicines-related apps is routine but far from transparent, and also identified a small number of commercial entities with the ability to aggregate and potentially re-identify user data.

"Privacy regulators should consider that loss of privacy is not a fair cost for the use of digital health services," said lead author Assistant Professor Quinn Grundy of the University of Toronto and University of Sydney School of Pharmacy, Charles Perkins Centre.

How data is shared

The research team identified 24 top rated medicines related apps for the Android mobile platform in the United Kingdom, United States, Canada, and Australia. All apps were available to the public; provided information about medicines dispensing, administration, prescribing, or use; and were interactive.

They then ran laboratory-based traffic analysis of each app downloaded onto a smartphone, simulating real world use with four dummy scripts.

Privacy leaks were detected using a technique called Differential Traffic Analysis, explained co-author Dr Ralph Holz from the University of Sydney's School of Computer Science.

"The idea is to capture a baseline of the normal network data that an app causes, and then change privacy-related settings in the app. The places where the new settings turn up in any fresh network data shows us where and to whom the app is leaking it."

Of the sampled apps, most - 19 out of 24 or 79 percent - shared user data outside of the app. A total of 55 unique entities, owned by 46 parent companies, received or processed this data, including developers, parent companies (first parties) and service providers (third parties).

Third parties also advertised the ability to share user data with 216 'fourth parties' including multinational technology companies, digital advertising companies, telecommunications corporations, and a consumer credit reporting agency. Only three of these fourth parties could be characterised predominantly as belonging to the health sector.

Several companies, including Alphabet, Facebook, and Oracle, occupied central positions within the network with the ability to aggregate and re-identify user data.

Call for greater regulation and transparency

While it's unclear if iOS apps share user data - and if medicines-related apps share user data more or less than other health apps, or apps in general - the findings remain of concern said Assistant Professor Grundy.

"Most health apps fail to provide privacy assurances or transparency around data sharing practices," she said.

"User data collected from apps providing medicines information or support may also be particularly attractive to cybercriminals or commercial data brokers.

"Health professionals need to be aware of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent.

"Regulators should also emphasise the accountabilities of those who control and process user data, while health app developers should disclose all data sharing practices and allow users to choose precisely what data are shared and where."
-end-
This research was a partnership with the Australian Communications Consumer Action Network (ACCAN) and was funded by the Sydney Policy Lab, the University of Sydney's hub for researchers, policy makers and community to work together to identify solutions to the world's biggest challenges.

University of Sydney

Related Privacy Articles:

COVID-19 contact tracing apps: 8 privacy questions governments should ask
Imperial experts have posed eight privacy questions governments should consider when developing coronavirus contact tracing apps.
New security system to revolutionise communications privacy
A new uncrackable security system created by researchers at King Abdullah University of Science and Technology (KAUST), the University of St Andrews and the Center for Unconventional Processes of Sciences (CUP Sciences) is set to revolutionize communications privacy.
Mayo Clinic studies patient privacy in MRI research
Though identifying data typically are removed from medical image files before they are shared for research, a Mayo Clinic study finds that this may not be enough to protect patient privacy.
Researchers uncover privacy flaw in e-passports
Researchers at the University of Luxembourg have discovered a flaw in the security standard used in biometric passports (e-passports) worldwide since 2004.
How cities can leverage citizen data while protecting privacy
In a new study, MIT researchers find that there is, in fact, a way for Indian cities to preserve citizen privacy while using their data to improve efficiency.
Cell-mostly internet users place privacy burden on themselves
Do data privacy concerns disproportionately affect people who access the internet primarily through cell phones?
Anonymizing personal data 'not enough to protect privacy,' shows new study
Current methods for anonymizing data leave individuals at risk of being re-identified, according to new research from University of Louvain (UCLouvain) and Imperial College London.
Study finds Wi-Fi location affects online privacy behavior
Does sitting in a coffee shop versus at home influence a person's willingness to disclose private information online?
Putting data privacy in the hands of users
MIT and Harvard University researchers have developed Riverbed, a platform that ensures web and mobile apps using distributed computing in data centers adhere to users' preferences on how their data are shared and stored in the cloud.
Social media privacy is in the hands of a few friends
New research has revealed that people's behavior is predictable from the social media data of as few as eight or nine of their friends.
More Privacy News and Privacy Current Events

Trending Science News

Current Coronavirus (COVID-19) News

Top Science Podcasts

We have hand picked the top science podcasts of 2020.
Now Playing: TED Radio Hour

Listen Again: Reinvention
Change is hard, but it's also an opportunity to discover and reimagine what you thought you knew. From our economy, to music, to even ourselves–this hour TED speakers explore the power of reinvention. Guests include OK Go lead singer Damian Kulash Jr., former college gymnastics coach Valorie Kondos Field, Stockton Mayor Michael Tubbs, and entrepreneur Nick Hanauer.
Now Playing: Science for the People

#562 Superbug to Bedside
By now we're all good and scared about antibiotic resistance, one of the many things coming to get us all. But there's good news, sort of. News antibiotics are coming out! How do they get tested? What does that kind of a trial look like and how does it happen? Host Bethany Brookeshire talks with Matt McCarthy, author of "Superbugs: The Race to Stop an Epidemic", about the ins and outs of testing a new antibiotic in the hospital.
Now Playing: Radiolab

Dispatch 6: Strange Times
Covid has disrupted the most basic routines of our days and nights. But in the middle of a conversation about how to fight the virus, we find a place impervious to the stalled plans and frenetic demands of the outside world. It's a very different kind of front line, where urgent work means moving slow, and time is marked out in tiny pre-planned steps. Then, on a walk through the woods, we consider how the tempo of our lives affects our minds and discover how the beats of biology shape our bodies. This episode was produced with help from Molly Webster and Tracie Hunte. Support Radiolab today at Radiolab.org/donate.