Mobile health and privacy: cross sectional study

OBJECTIVES: To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy. DESIGN: Cross sectional study SETTING: Health...

Descripción completa

Detalles Bibliográficos
Autores principales: Tangari, Gioacchino, Ikram, Muhammad, Ijaz, Kiran, Kaafar, Mohamed Ali, Berkovsky, Shlomo
Formato: Online Artículo Texto
Lenguaje:English
Publicado: BMJ Publishing Group Ltd. 2021
Materias:
Research
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8207561/
https://www.ncbi.nlm.nih.gov/pubmed/34135009
http://dx.doi.org/10.1136/bmj.n1248
_version_ 1783708796392046592
author Tangari, Gioacchino
Ikram, Muhammad
Ijaz, Kiran
Kaafar, Mohamed Ali
Berkovsky, Shlomo
author_facet Tangari, Gioacchino
Ikram, Muhammad
Ijaz, Kiran
Kaafar, Mohamed Ali
Berkovsky, Shlomo
author_sort Tangari, Gioacchino
collection PubMed
description OBJECTIVES: To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy. DESIGN: Cross sectional study SETTING: Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories. PARTICIPANTS: Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store: in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps. MAIN OUTCOME MEASURES: Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews. RESULTS: 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy. CONCLUSIONS: This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps.
format Online
Article
Text
id pubmed-8207561
institution National Center for Biotechnology Information
language English
publishDate 2021
publisher BMJ Publishing Group Ltd.
record_format MEDLINE/PubMed
spelling pubmed-82075612021-06-30 Mobile health and privacy: cross sectional study Tangari, Gioacchino Ikram, Muhammad Ijaz, Kiran Kaafar, Mohamed Ali Berkovsky, Shlomo BMJ Research OBJECTIVES: To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy. DESIGN: Cross sectional study SETTING: Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories. PARTICIPANTS: Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store: in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps. MAIN OUTCOME MEASURES: Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews. RESULTS: 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy. CONCLUSIONS: This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps. BMJ Publishing Group Ltd. 2021-06-17 /pmc/articles/PMC8207561/ /pubmed/34135009 http://dx.doi.org/10.1136/bmj.n1248 Text en © Author(s) (or their employer(s)) 2019. Re-use permitted under CC BY-NC. No commercial re-use. See rights and permissions. Published by BMJ. https://creativecommons.org/licenses/by-nc/4.0/This is an Open Access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, remix, adapt, build upon this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0/ (https://creativecommons.org/licenses/by-nc/4.0/) .
spellingShingle Research
Tangari, Gioacchino
Ikram, Muhammad
Ijaz, Kiran
Kaafar, Mohamed Ali
Berkovsky, Shlomo
Mobile health and privacy: cross sectional study
title Mobile health and privacy: cross sectional study
title_full Mobile health and privacy: cross sectional study
title_fullStr Mobile health and privacy: cross sectional study
title_full_unstemmed Mobile health and privacy: cross sectional study
title_short Mobile health and privacy: cross sectional study
title_sort mobile health and privacy: cross sectional study
topic Research
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8207561/
https://www.ncbi.nlm.nih.gov/pubmed/34135009
http://dx.doi.org/10.1136/bmj.n1248
work_keys_str_mv AT tangarigioacchino mobilehealthandprivacycrosssectionalstudy
AT ikrammuhammad mobilehealthandprivacycrosssectionalstudy
AT ijazkiran mobilehealthandprivacycrosssectionalstudy
AT kaafarmohamedali mobilehealthandprivacycrosssectionalstudy
AT berkovskyshlomo mobilehealthandprivacycrosssectionalstudy

Ejemplares similares