home icon
Route 360 Logo

From our sponsors :

Sneaky Ways Wellness Apps Invade Your Privacy

A new study says you may be revealing confidential information when using mobile health and fitness tools. Here's how to protect yourself.

posted by Caroline Mayer, August 5, 2013 More by this author

iPhone app

Caroline Mayer is a consumer reporter who spent 25 years working for The Washington Post. Follow her on Twitter @consumermayer


iPhone app
Thinkstock
The older I get, the more I care about my physical well-being. That’s why my smartphone is crowded with health and fitness mobile apps. If you’re over 50, maybe yours is too.

I’ve got a food-diary app for my battle against the bulge and a restaurant nutrition guide. To track my daily steps, there’s a pedometer as well as a walking-map app.

I’ve never used my first-aid app, but it’s there if I ever need it.

I’ve also got a medical reference guide for when I’m in hypochondriac mode or need to learn about prescriptions’ side effects.

And I can’t forget the shopping guide apps I turn to before buying health, nutrition and exercise products.

(MORE: 10 Top Wellness Apps to Meet Your Health Goals)
 
‘Considerable Privacy Risks’

As useful as health apps and fitness apps may be, a stunning new report from the Privacy Rights Clearinghouse, a consumer education and advocacy nonprofit, says they may also pose “considerable privacy risks" for users.

The group came to this conclusion after studying 43 of the most popular wellness apps (half for iPhones, half for Androids; 23 free and 20 paid). Many of the apps, the study noted, collect a hefty amount of personal information, including the user’s name, email address, age, gender, height, weight, lifestyle habits (diet, exercise, etc.) and prescription records.

In short, using a health or fitness app on your smartphone could lead to unwittingly sharing a very personal record that you’d rather keep private.

Information stored on wellness apps, the Privacy Rights Clearinghouse found, is anything but private.

Many of these apps, for example, allow and even encourage users to share their health details with social media outlets. And we all know that once data becomes public, we have little, if any, control over it.

Free Apps Are Often the Most Dangerous

An even more troubling finding from the report is that many wellness apps share users’ information with advertisers or ad networks that track consumers for personally targeted promotions.

This problem occurs far more often on free apps than paid ones, since the unpaid versions rely on advertising as their chief source of revenue. The paid versions’ revenue comes from app sales.

“It’s not always obvious to users what data is being collected,” the study said. “For instance, one well-known company’s app lets users learn about particular drugs. What they don’t tell you is that the names of the drugs researched by users are sent to third-party advertisers who can link that data to the user’s Web browsing history.”

Wellness Apps’ Poor Security

But by far the greatest risk to privacy from mobile apps is that most have poor security, which means they send data over unencrypted insecure network connections (Web addresses that start with HTTP and not the safer HTTPS). Unencrypted connections potentially expose sensitive and embarrassing data – like your search about a sexually transmitted disease or an anti-psychotic drug – to everyone on a network, according to the Privacy Rights Clearinghouse.

The study did not specifically name the wellness apps reviewed by the privacy group. “Our purpose wasn’t to shame, but to investigate just what is happening with personal information,” clearinghouse director Beth Givens told me. Wellness apps, she added, “have many beneficial uses.”

The key takeaway from this report: Consumers need to understand that federal privacy regulations requiring doctors and pharmacists to protect a patient’s health information don’t apply to mobile apps, which are largely unregulated.

(MORE: The FiftySomething Workout: 10 Top Fitness Apps)
 
How Much Does Privacy Mean to You?

So before downloading or using a wellness app, you ought to decide whether you care that others may gain access to what’s on it.

As the report asks: “Do you care if your weight today and again next week is openly available without being encrypted? Do you want to share information about your blood glucose level or your workout regimen?”

6 Tips to Stay Safe With Wellness Apps

The Privacy Rights Clearinghouse offers these six recommendations to guard your privacy with wellness apps:

1. Before adding an app, check out its privacy policy – if there is one. Many apps don’t have a privacy policy. If they do, you can usually find it on the developer’s website. Read it before downloading.

Don’t assume that a detailed privacy policy means you’re well protected. The reverse could be true. “Apps with the most detailed privacy polices posed some of the greatest privacy risks,” the report said, because they “seem to be written primarily to protect the company developing an app, not the users.”
 
(MORE: Don’t Be Dumb About Smartphone Privacy)

Says Craig Michael Lie Njie, the study’s technologist and founder and chief executive of Kismet World Wide Consulting: “I personally found an inverse correlation between the ‘quality’ of a privacy policy and how much privacy risk there was in using an app.”
 
Lie Njie found that one app had a very detailed privacy policy, but within 15 seconds of using it, data was sent to as many as a dozen different advertisers and third parties.
 
2. Consider using paid wellness apps rather than free ones. Your privacy is likely to be better protected with apps that charge a fee. Since they don’t rely on advertising for revenue, they’re less prone to share your data with third parties.
 
3. Make your own assessment of the app’s intrusiveness based on the personal information you have to reveal before using it. Assume that any details you must provide could be sent to third-party sites for marketing purposes.
 
4. If possible, check out an app's features first – without entering your private health data. This way, you can see if you really want to use the tool before giving anything away.
 
5. Tinker with your smartphone’s settings to restrict the information the apps can gather. Ask a tech-savvy friend (or perhaps your child) to help you navigate your settings.
 
6. If you stop using a wellness app, delete it. Not only will you free up space on your phone to make room for other apps, this move will prevent the app from continuing to collect, store and transmit data, like where you are, even if you’re not using it.
Newsletter
Next Avenue in your Inbox

Each week we'll send you stories, perspective and advice.