A new study published in JAMA Network Open exposes the data-sharing practices of many popular health apps, including those for mental health, and several of them don’t match up to what they disclose in their privacy policy.
For example, the researchers looked at the top-ranking apps in the iOS and Android app stores found using keywords “depression” and “smoking cessation.” After downloading the apps, they checked to see if the data they entered into them was shared by taking a look at the app’s traffic.
They found that 33 out of the 36 apps they examined were sharing information that gave data analytics firms and advertisers insight into their digital behavior. Even worse, some shared information that can be considered highly sensitive, such as self-reports regarding substance abuse, entries into health diaries, and user names.
This makes it easy for third parties to gain information about people’s mental health that they’d rather keep private. Some would even argue that knowing a person downloaded an app related to mental health or quitting smoking in the first place is considered valuable health data.
Unfortunately, many people don’t realize these apps are sharing their personal data. In total, 92 percent of the 36 apps the researchers studied were sharing data with at least one third-party firm, most of which were services run by Google or Facebook for marketing, analytics, or advertising.
Half of these apps failed to disclose that there would be third-party sharing. Some had no privacy policy at all, others conveniently forgot to mention the sharing, and three actually had the nerve to lie and say this type of data would not be shared.
What these third parties are doing with the data is hard to say, but one can only imagine the potential repercussions. For example, an advertiser could use the information to try to influence a person’s treatment decisions, such as by placing ads for electronic cigarettes or even alcohol to those who are trying to quit smoking.
Experts say that the business model for free apps encourages this type of behavior as developers must get money somehow; if selling subscriptions isn’t enough, they can simply sell data. Moreover, when the app is marketed as a tool for “wellness,” laws that keep your medical information private do not apply.
The apps that the researchers looked at were not named. Other studies have shown that popular free mobile health apps share personal data with third parties, such as X-ray images and medical to-do lists.
Right now, there is really no way users can be sure their information is safe, although study co-author John Torous says one possibility would be for a group to be formed that can give a stamp of approval to mental health apps that behave responsibly. In the meantime, people need to use common sense, read privacy policies very carefully, consider whether the app comes from a trustworthy source, and think very carefully before sharing such information with apps.
Sources for this article include: