Researchers from the University of Sydney and the University of California, Santa Barbara looked at 24 health apps for Android mobile devices pertaining to medical data, dispensing, administration, prescribing, or use. They found that 19 of those or 79 percent engaged in data-sharing practices. These health apps included some of the most popular ones for Android in the U.S., the U.K., and Australia like Ada, MedicineWise, and Medscape.
The type of shared information varied among the apps, but the most common categories of medical information being shared by these apps were 38 percent browsing history, 25 percent drugs taken by a patient and 17 percent medical conditions. These are valuable data sets that can be sold to interested parties like drug manufacturers and insurance companies.
The study also identified the recipients of this medical information. These included tech giants like Google, Amazon, and Microsoft. Even lesser-known cloud companies are harvesting medical data, such as MongoDB, Rackspace, and Tier 3. The biggest recipient of medical information through these health apps was Alphabet, which is Google’s parent company, while Amazon and Microsoft received the most diverse of medical data.
As if that is not alarming enough, third parties also share user data with 216 fourth parties. Fourth parties receiving the greatest variety and highest volumes of user data were global tech companies like Alphabet, Facebook, and Oracle, together with their data-sharing partners – which are extensive.
For one, this kind of information-sharing leads to users being targeted with ads, which on its own is irritating enough. Second, the data-sharing practices of these health apps with third parties raise serious privacy concerns. Although users’ identities are not revealed in data-sharing, companies involved in infrastructure plus analytics and advertising have the means to identify users anyway.
The researchers noted that companies should at least provide transparent sharing policies, given what is at stake. In addition, they wrote in their study that at the very least, users should be able to choose precisely which types of data can be accessed and used by apps and to have the option to not share data at all.
This kind of information-sharing also opens the door to the threat of medical discrimination. Systems created to help cut medical costs have used patient data in ways that make access to medical care more unequal. (Related: Mental health apps secretly share your private data with marketing companies to target your “disorders”.)
"Privacy will become an important social determinant of health, and regulators should reconsider whether sharing user data for purposes unrelated to the use of a health app," wrote the researchers.
The researchers further suggested that policymakers should also look at stricter regulation of third parties that commercialize user data or companies that own and operate mobile platforms and app stores.