Health Apps Commonly Share User Data Without Consent
Your favorite smartphone/mobile health app probably shares your private information with third parties, and most likely without your knowledge.
- Some mobile health apps commonly sell sensitive user information to third parties
- Most permissions settings give apps powerful access to your device and unrelated app info
- In many cases, HIPAA does not apply to data collected by health apps
Think your mobile health app keeps your private information private? Think again. Health apps connected to your phone or a wearable device commonly share or sell user data to third parties — a reality of which many people are unaware.
A recent study published in the Journal of the American Medical Association looked at 211 Android diabetes apps and found that only 41 apps (19%) actually had privacy policies (a notice within the app informing the user how the app may gather, use, disclose, and manage the user’s information). The remaining 81% had none. And of the 41 apps that had privacy policies, only four of them indicated they would request user permission before sharing the user’s data with a third party.
Why should you care? The issue isn’t limited to diabetes apps. In general, all apps you download to your mobile device — and any website you might access — collect information about you. Information collected with tracking cookies can include personal details like name, date of birth, gender, exercise habits, and sexual activity. And in the case of the diabetes apps covered in the study, sensitive health info like insulin or blood glucose levels can be sold and shared without your affirmative consent. This info is compiled and analyzed by data brokers who then provide it to advertisers, insurance companies, and government entities, to name a few.2
By taking these extra steps, you can make an informed decision not only about the information that you make available through the app, but also about whether you want to download and use the app in the first place.