Courtney Allan
Technology

Are you at risk? Data sharing amongst health apps is more common than you think

Some of the sensitive information you might share with a doctor, including your age, sex, medical conditions and current symptoms, are being shared with popular health apps.

Although it’s easy to feel like these applications are helping you, a new study has found that the data that users input into these apps are being shared with third party entities.

The study, published in the British Medical Journal, has found that user data from health-related mobile apps on the Android platform is routine and not transparent at all.

The information that is put into these health apps can be shared with app developers, their parent companies and potentially dozens of third-party entities. Therefore, the information that you think is private ends up being distributed on a wide scale.

Lead author of the report, Dr Quinn Grundy, said that health apps are a “booming market”, but is one with many privacy failings. She told The ABC:

"I think many of us would expect that this kind of data should be treated differently," said Dr Grundy, an assistant professor at the University of Toronto.

"Unfortunately, our study shows that that's not the case. These apps behave in much the same way as your fitness app, weather app or music app."

Dr Grundy and colleagues at the University of Sydney examined 24 medicine related Android applications that are popular in Australia, North America and the United Kingdom. Some of these apps included ones that might remind you when to take a prescription.

The researchers found that 19 out of 24 apps shared data outside of the application to a total of 55 different entities, owned by 46 parent companies.

The information that was shared included users emails and device ID to medical conditions and drug lists.

The researchers discovered that Amazon and Alphabet, the parent company of Google, received the highest volume of user data. This was closely followed by Microsoft.

Dr Grundy explained that whilst most apps have a privacy policy and said that the data was stripped of identifying information, they described what was collected and shared in very general terms.

"They wouldn't name specific third parties or why data was shared with them. But would say, 'we never sell your data, but we may shared anonymised, aggregated reports with third parties for legitimate business purposes'," she explained.

Peter Hannay, an adjunct lecturer and security researcher at Edith Cowan University has offered a solution.

"It's not a matter of 'swap to a different app'," he said.

"It would be a matter of just not using those sorts of services at all."

However, if you do want to use these services, he has some advice for that as well.

"If the application is reminding you to take medication, I would try to find one that doesn't require permission to connect to the internet," he said.

"If it's able to work offline, that's something I would consider to be desirable."

Do you use any apps that require health data? Let us know in the comments.

Tags:
data, breach, data breach, lack of privacy, no health data, health, health data, technology