Sneaky Ways Wellness Apps Invade Your Privacy
A new study says you may be revealing confidential information when using mobile health and fitness tools. Here's how to protect yourself.
Caroline Mayer is a consumer reporter who spent 25 years working for The Washington Post. Follow her on Twitter @consumermayer
I’ve got a food-diary app for my battle against the bulge and a restaurant nutrition guide. To track my daily steps, there’s a pedometer as well as a walking-map app.
I’ve never used my first-aid app, but it’s there if I ever need it.
I’ve also got a medical reference guide for when I’m in hypochondriac mode or need to learn about prescriptions’ side effects.
And I can’t forget the shopping guide apps I turn to before buying health, nutrition and exercise products.
(MORE: 10 Top Wellness Apps to Meet Your Health Goals)
‘Considerable Privacy Risks’
As useful as health apps and fitness apps may be, a stunning new report from the Privacy Rights Clearinghouse, a consumer education and advocacy nonprofit, says they may also pose “considerable privacy risks" for users.
The group came to this conclusion after studying 43 of the most popular wellness apps (half for iPhones, half for Androids; 23 free and 20 paid). Many of the apps, the study noted, collect a hefty amount of personal information, including the user’s name, email address, age, gender, height, weight, lifestyle habits (diet, exercise, etc.) and prescription records.
In short, using a health or fitness app on your smartphone could lead to unwittingly sharing a very personal record that you’d rather keep private.
Information stored on wellness apps, the Privacy Rights Clearinghouse found, is anything but private.
Many of these apps, for example, allow and even encourage users to share their health details with social media outlets. And we all know that once data becomes public, we have little, if any, control over it.
Free Apps Are Often the Most Dangerous
An even more troubling finding from the report is that many wellness apps share users’ information with advertisers or ad networks that track consumers for personally targeted promotions.
This problem occurs far more often on free apps than paid ones, since the unpaid versions rely on advertising as their chief source of revenue. The paid versions’ revenue comes from app sales.
“It’s not always obvious to users what data is being collected,” the study said. “For instance, one well-known company’s app lets users learn about particular drugs. What they don’t tell you is that the names of the drugs researched by users are sent to third-party advertisers who can link that data to the user’s Web browsing history.”
Wellness Apps’ Poor Security
But by far the greatest risk to privacy from mobile apps is that most have poor security, which means they send data over unencrypted insecure network connections (Web addresses that start with HTTP and not the safer HTTPS). Unencrypted connections potentially expose sensitive and embarrassing data – like your search about a sexually transmitted disease or an anti-psychotic drug – to everyone on a network, according to the Privacy Rights Clearinghouse.
The study did not specifically name the wellness apps reviewed by the privacy group. “Our purpose wasn’t to shame, but to investigate just what is happening with personal information,” clearinghouse director Beth Givens told me. Wellness apps, she added, “have many beneficial uses.”
The key takeaway from this report: Consumers need to understand that federal privacy regulations requiring doctors and pharmacists to protect a patient’s health information don’t apply to mobile apps, which are largely unregulated.
(MORE: The FiftySomething Workout: 10 Top Fitness Apps)
How Much Does Privacy Mean to You?
So before downloading or using a wellness app, you ought to decide whether you care that others may gain access to what’s on it.
As the report asks: “Do you care if your weight today and again next week is openly available without being encrypted? Do you want to share information about your blood glucose level or your workout regimen?”
6 Tips to Stay Safe With Wellness Apps
The Privacy Rights Clearinghouse offers these six recommendations to guard your privacy with wellness apps:
(MORE: Don’t Be Dumb About Smartphone Privacy)
2. Consider using paid wellness apps rather than free ones. Your privacy is likely to be better protected with apps that charge a fee. Since they don’t rely on advertising for revenue, they’re less prone to share your data with third parties.
3. Make your own assessment of the app’s intrusiveness based on the personal information you have to reveal before using it. Assume that any details you must provide could be sent to third-party sites for marketing purposes.
4. If possible, check out an app's features first – without entering your private health data. This way, you can see if you really want to use the tool before giving anything away.
5. Tinker with your smartphone’s settings to restrict the information the apps can gather. Ask a tech-savvy friend (or perhaps your child) to help you navigate your settings.
6. If you stop using a wellness app, delete it. Not only will you free up space on your phone to make room for other apps, this move will prevent the app from continuing to collect, store and transmit data, like where you are, even if you’re not using it.