Australian research finds ‘pervasive’ privacy breaches on health apps

Thousands of health-related mobile phone applications have “serious problems with privacy,” according to analysis by Macquarie University in Australia.

Published by the British Medical Journal (BMJ), the Sydney-based team’s research into more than 20,000 apps found “collection of personal user information” to be “pervasive.”

Of the almost five million apps available on platforms operated by Apple and Google, around 100,000 are health-related. However “inadequate privacy disclosures” often hinder users “from making informed choices,” said the Macquarie researchers, who compared 15,000 health, medical and fitness apps with a sample of 8,000 others.

While the health apps gathered less user data than others, around two-thirds of them still “could collect advert identifiers or cookies” and a quarter could “identify the mobile phone tower to which a user’s device is connected.”

A quarter of the apps violated their own privacy polices, according to the BMJ research, with as many again either not providing any such terms in the first place or having “user data transmissions” occur via “insecure communication channels.”

Almost 90% of “data collection operations” more than half of the data transmission “were behalf of third party services, such as external advertisers, analytics, and tracking providers,” the researchers found.

Concerns about data security, particularly in “sensitive” areas such as health, have soared in the wake of the coronavirus pandemic and the deployment by dozens of governments, many of them authoritarian, of pandemic-related tracing apps.

Worries have been heightened by the growing threat of cyberattack, with Ireland’s health service crippled in May by a hack that has left the country in the dark about coronavirus-linked deaths and has seen personal health information leaked onto the so-called dark web. – dpa