Free Apps for Nearly Every Health Problem, but What About Privacy?
Need to lose weight, quit smoking, improve your sex life or get a better nightâs sleep? Thereâs an app for that â" all of it â" and more. Thousands of mobile apps are available to improve your health and fitness.
But beware.
Health apps can provide information and motivation to help you manage your well-being, and theyâre easy to use and often free. But they may not have protecting your privacy as a priority.
Health apps collect all sorts of personal information, like your name, e-mail address, age, height and weight. Others get even more detailed, depending on the focus of the app; fertility apps, for instance, allow you to enter details of your menstrual cycle, and exercise apps allow you to post the route of your daily jog.
Yet, an analysis of 43 popular wellness apps by the nonprofit Privacy Rights Clearinghouse found that many apps connect to advertising and data analysis sites without the userâs knowledge. And, they often transmit unencrypted information over insecure network connections â" possibly including your medical and pharmaceutical search terms, like those for sexually transmitted diseases or antipsychotic drugs. Thatâs the computer equivalent of sending a postcard, rather than a letter â" itâs easy for others on a network to read whatâs being transmitted, said Craig Michael Lie Njie, a consultant who did the technical analysis for the report.
For the analysis, financed by the California Consumer Protection Foundation, the clearinghouse used apps available on the iTunes App Store, for iOS devices, and Google Play for Android phones and tablets. (The report didnât identify the apps, saying its goal is to educate consumers and app developers.)
The report concluded that health apps posed âconsiderableâ privacy risks for consumers, and users shouldnât assume any of their data on a mobile app was private. Only 13 percent of free apps, and 10 percent of paid apps, encrypted all data connections between the app and the developerâs Web site. Many apps donât have privacy policies, and those that do donât always adequately describe the potential risks. More than a quarter of the free apps, and 40 percent of the paid apps, had no privacy policy at all.
Robin Thurston, chief executive of MapMyFitness, which offers a group of exercise sites and apps including the popular MapMyRun, said his company had developed a detailed privacy policy explaining how user information was used. It also includes a link for users who want to opt out of certain kind of ads. âOur apps are not passing any individual health information to any third-party services,â he said. âI can tell you we are not doing that with peopleâs information.â
He advised consumers to consider the credibility of the health apps they choose. Better-known brands and developers with a track record â" in which he includes MapMyFitness â" have more resources to spend on comprehensive data security, whereas smaller or offshore operations may be less reliable. With very small app developers, âYou could be sending your data into someoneâs home server to be stored,â he said. âIâm not sure consumers are aware of that.â
Many apps encourage users to share information through social media sites like Facebook, to seek support for their weight loss or fitness goal. But you should be cautious about revealing details of your medical conditions, since once information is public you have little control over it.
âWeâre not telling people not to use them,â Beth Givens, director of the Privacy Rights Clearinghouse, said of health apps. âBut you should know what youâre getting into.â
Here are some questions to consider.
â Are there any laws governing the use of health information I may share using an app?
Medical information thatâs shared directly between you and your doctor or your hospital is covered by the privacy provisions of the Health Insurance Portability and Accountability Act, or Hipaa. But thereâs little regulatory protection for health information shared over consumer apps, unless itâs a device prescribed or provided by your physician. In most cases, âYouâre on your own with these commercially available apps,â said Joseph Lorenzo Hall, a senior staff technologist who works on health privacy issues at the Center for Democracy and Technology.
â How can I be sure my information wonât be shared with marketing or advertising sites?
You should assume any information you impart using an app will be shared, Ms. Givens said. But you may get better protection by using paid apps, rather than free ones, because paid apps donât rely solely on advertising revenue â" and so are less likely to share information with outside firms that gather information to target their ads.
â What can I do to protect myself?
Try to read an appâs privacy policy before using it. The policy should describe the appâs information-sharing practices, and may give instructions for opting out of some of them. If itâs not available within the app, it may be posted on the developerâs Web site. You can even try to contact the developer with questions.
Privacy policies, however, are mainly aimed at protecting app developers from lawsuits, rather than protecting the privacy of your information, said Mr. Lie Njie. He advises sharing only data that you wouldnât mind becoming public.