07/22/2018 / By Michelle Simmons
A European study revealed that mobile health apps were sending health-related data to third-party companies, harming the privacy of its users. This study was conducted by a team of researchers from the University of Pireus in Greece and Rovira I Virgili University in Spain.
The research team analyzed 20 well-known, free mobile health apps that could be downloaded from Google Play. The studied health apps had to have at least 100,000 to 10 million downloads each and a minimum rating of 3.5 out of five (in terms of popularity). These apps managed, stored, and monitored the biomedical data of their users, such as health condition, diseases, or medical to-do lists.
In the first part of the study, the team looked at how the personal information of the users were handled. It uncovered that 20 percent of the apps kept data on the phones of the users. Moreover, one in every two apps asked and managed the login passwords of users using an unsecured connection.
In addition, they highlighted that fifty percent of the apps shared users’ personal data with third party servers. The personal data included both text data and multimedia such as x-ray images. Furthermore, more than half of the apps sent the health data of users through URL links. This means that anyone who has those links can access the data. They also found that in 20 percent of these cases, the users were not referred to a privacy policy or the policy content was not available in English, which is the language of the app. Furthermore, several apps asked access to users’ geolocation, microphones, camera, contacts list, external storage card, or bluetooth, even though the apps did not necessarily needed it.
Then, the researchers informed the app developers about the issues they found. They noticed that even though some issues were fixed, such as unsafe health data transfers, other issues such as app usage data leaks were not addressed.
“Users must know that apps’ popularity does not ensure privacy and security,” said Agusti Solanas of Rovira I Virgili University in Spain, involved in the study. “People need to become more aware of the risk they are facing.”
“Our findings reveal that the majority of the analyzed applications does not follow well-known practices and guidelines, not even legal restrictions imposed by contemporary data protection regulations, thus jeopardizing the privacy of millions of users,” the researchers wrote.
This is not the first time that smartphone apps has been reported to share users’ data with third-party services. It was revealed in an article published in the website TheConversation.com that more than 70 percent of mobile apps are transmitting personal data to third-party tracking companies such as Google Analytics, the Facebook Graph API, or Crashlytics.
Typically, apps require the user’s permission before accessing personal information. However, once the app gets the permission, it can share the user’s data with anyone the app’s developer wants to. This enables third-party companies monitor your location, how fast you are moving, and what you are doing. (Related: It’s not your imagination — your phone really is spying on you: Hundreds of Android apps use the microphone to secretly monitor and record your TV habits.)
The researchers developed a free Android app to analyze the traffic apps send out in order to identify which applications and online services collect personal data.
If you’d like to read more stories and studies on unsafe mobile apps, please go to Surveillance.news.
Sources include:
Tagged Under: Crashlytics, dangerous tech, Facebook Graph API, Google Analytics, hacking, health apps, health data, information technology, mobile apps, personal data, personal information, privacy, research, science and technology, Smartphones, surveillance, third-party services
COPYRIGHT © 2017 GLITCH.NEWS
All content posted on this site is protected under Free Speech. Glitch.news is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Glitch.news assumes no responsibility for the use or misuse of this material. All trademarks, registered trademarks and service marks mentioned on this site are the property of their respective owners.