Smart Health Apps: Useful Resource or Privacy Risk?
While apps that track steps, monitor sleep, or provide medication reminders can improve daily health management, this article argues that the convenience they offer is often outweighed by significant privacy risks associated with personal data collection and sharing.
According to a 2023 study published in the BMJ, 79% of popular health apps share unauthorised data with third parties. However, it is important to acknowledge that not all health apps operate in this manner; some prioritise user privacy by implementing strong data protection measures and maintaining transparency about their data practices. While significant privacy concerns exist, there are also responsible apps that aim to protect personal information. This contrast between privacy risks and protective measures sets the stage for a closer examination of how health apps manage user data and the implications for consumers.
Many health apps may request some of your personal data, then send it to a company that sends it to another company. To clarify, ‘third parties’ refers to outside companies or entities that receive your data from the app developers for purposes like marketing, analytics, or sales. ‘Fourth parties’ are the entities that these third parties might further share your data with (Downey, 2019). You may ask how this really affects you. Two words: cyber threats.
Cyber threats have evolved. Cyber threats in healthcare are no longer just about stolen hospital files. As more people use mobile health apps, smart devices, and online consultations, the risk has expanded beyond hospital walls. Today’s cyber threats target every digital step of a patient’s health journey, from diagnosis to daily habits tracked on a phone (Forsberg & Iwaya, 2024).
Cyber attackers don’t just want forms; they want data that reveals who you are inside and out. Your sleep patterns, mood logs, medication reminders, and even menstrual cycles can be captured, sold, or exposed. Many health apps also secretly share this information with advertisers, making users both patients and products. And this is where cyberbullying comes in.
The personal and intimate nature of health information makes it a prime target for cyberbullying and online harassment.
Doxing and Public Exposure: Malicious actors can access private health data and publicly release sensitive personal details (doxing) to embarrass, shame, or damage a person’s reputation. This could include information about mental health conditions, sexual practices, or other highly private circumstances.
Reputational Damage: The release of specific medical conditions can lead to stigma, discrimination in social settings, or even impact job opportunities if employers gain access to the information.
What the consumerreports.org study found
Grundy and her colleagues identified the 24 Android apps they studied by finding those that were frequently downloaded, ranked in the top 100 medical apps, or endorsed by prominent organisations.
They created dummy user profiles and ran the apps a number of times, checking to see what user information was shared outside the app and where.
The user data that was passed along varied from app to app but included users’ names, device names, locations, operating system versions, web browsing behaviour, medications, and email addresses.
That information was shared with app developers and their parent firms, but also with outside or third-party companies that use consumer data for a variety of reasons, including sales and marketing.
In addition, the authors say, third parties could theoretically share this information with other entities, which they refer to as “fourth parties.”
Some fourth parties, such as Alphabet, Facebook, and Oracle, are large tech companies that may build profiles of users, often to target them with ads. Others identified by the researchers included digital ad firms, venture capital firms, and a consumer credit reporting agency.
How to protect your privacy
Are you ready to swear off smart health apps forever? These are some measures you need to note.
Beware of free apps: Free apps can sometimes come with hidden privacy risks. Before downloading, check what permissions the app asks for and consider if you are comfortable sharing that information. If an app asks for access not related to its function, reconsider using it.
Ask Yourself Before Downloading:
– Does the app require location tracking? Determine if this is necessary for the app’s functionality.
– Is access to contacts asked for? Be wary, especially if it’s not related to the app’s main purpose.
– Does the app request microphone access? Ensure this is essential for its features.
Scrap used apps: You might have a few health apps sitting on your phone. First, delete your account and information in the app, then delete the app from your phone.
Read privacy policies: Check if the app shares data with third or fourth parties. If it doesn’t, that is a green flag, but it doesn’t mean the app doesn’t share with third parties. Also, be suspicious of policies that are convoluted, hard to understand, or too long to read.
Recheck privacy policies from time to time: Privacy policies can often be changed, so check them again from time to time. Also, check the permissions to see what sort of information the app shares with third parties.
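The three permission questions above (location, contacts, microphone) can be checked mechanically against an Android app's manifest. The Python sketch below is an added example, not part of the original article: the sample manifest, the package name and the function names are constructed for illustration, and it assumes the app's AndroidManifest.xml has already been decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names grouped by the three checklist questions.
CHECKLIST = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "contacts",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Constructed sample: manifest of a hypothetical medication-reminder app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pillreminder">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.RECORD_AUDIO"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names the manifest declares."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return sorted({el.get(ANDROID_NS + "name")
                   for tag in tags for el in root.iter(tag)
                   if el.get(ANDROID_NS + "name")})

def audit(manifest_xml, needed_for_purpose):
    """Return {category: [permissions]} for checklist categories that the
    app requests but its stated purpose (needed_for_purpose) does not need."""
    flagged = {}
    for perm in requested_permissions(manifest_xml):
        category = CHECKLIST.get(perm)
        if category and category not in needed_for_purpose:
            flagged.setdefault(category, []).append(perm)
    return flagged

if __name__ == "__main__":
    # A reminder app needs none of the three sensitive categories.
    for category, perms in audit(SAMPLE_MANIFEST, set()).items():
        print(f"{category}: requested via {perms}, unrelated to reminders")
```

A declared permission shows only what the app is able to access, not where the data goes, so this check complements reading the privacy policy rather than replacing it.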
Final Thought
Digital health apps promise convenience, but convenience should never cost privacy. As users, we must become more aware and selective, treating our health data like the valuable asset it is, not just another click. Brands and app developers must also take responsibility by being transparent and ethical with data handling. In a world where privacy risks continue to rise, smart healthcare should protect people, not profit from their personal lives.
References
Downey, A. (January 7, 2019). Data sharing in health apps ‘far from transparent’, BMJ research warns. BMJ. https://www.digitalhealth.net/2019/03/data-sharing-health-apps-transparent-bmj/
Forsberg, A. & Iwaya, L. H. (2024). Security Analysis of Top-Ranked mHealth Fitness Apps: An Empirical Study. arXiv preprint. https://doi.org/10.48550/arXiv.2409.18528
