Do health apps put your personal data at risk?

Anton P. | February 24, 2021

Health apps have undeniable value when it comes to helping people measure their vital signs. A simple push notification can alert you when to take your medicine. An app can calculate your calorie intake throughout the day. You can share your health data with specialists or schedule medical appointments in seconds. However, all this convenient health monitoring might not happen as privately as you assume. It would be unsettling to realize that app owners could exploit your health data for sales or marketing purposes. Sadly, there might be no explicit guarantees preventing such distressing practices.

Fitness and health apps continue to evolve

As people become more health-conscious, we turn to applications that track or monitor our well-being. Health apps can remind us when to refill prescriptions and improve remote patient monitoring. They can aid different objectives, and allow people to lead healthier lifestyles overall. For instance, apps linked to wearable smartwatches are increasingly popular.

Their primary purpose might be to record users’ exercise regimens, heart rates, stress levels, or sleep habits. For instance, an app can even measure and track your snoring or sleep talking. Health apps can work as calorie counters or offer guided meditation. Without a doubt, such apps confidently make their way into regular healthcare provision. One unprecedented benefit is that health apps can even participate in efficient crime-solving.

However, people have legitimate concerns over health apps and whether they can follow through with their promises of stability and security. For instance, it is natural to worry about Google purchasing Fitbit. The tech giant claims that it won’t use health data for ad-targeting purposes. However, users remain skeptical, and continue to raise questions about how Google will treat their data.

Health apps and data breaches

Like any other application you download, health apps might be far from perfect. The Intertrust 2020 report highlighted the lack of resilience in healthcare and medical apps. According to the tests, 71% of the 100 analyzed apps contained at least one severe vulnerability. Specialists noted that such flaws could serve hackers as a means to extract confidential medical data. In addition to the reported vulnerabilities, health apps that went under the microscope featured other security gaps. For instance, experts also emphasized weak encryption and problematic data storage. Thus, the report showed that protection surrounding health apps is fragile and could crumble at cybercriminals’ hands.

In addition to being vulnerable to malicious intentions, health apps are also prone to error. With Babylon Health, an app providing remote consultations, the unexpected exposure did not come from a vicious attack. Instead, the app malfunctioned, giving patients access to video recordings of other users’ consultations. Such accidents and leaked confidential footage are some of the most problematic.

What do health apps know about you?

Depending on the main purpose of selected health apps, they can collect an array of users’ data.

  • Steps and calories burnt during the day.
  • Exercises, running patterns, and the exact routes taken.
  • Calorie intake.
  • Sleep regimens and disturbances occurring while you sleep.
  • Weight information.
  • Menstrual cycles and information related to fertility, pregnancy, and menstrual health.
  • Heart rates, blood pressure, and stress levels.
  • Medicine taken and dosage information.
  • Appointments scheduled with medical specialists.
  • Mental health and disability status.

Why are health apps a privacy concern?

You might know that apps harvest users’ data and share it with third parties. Experts note similar data-sharing happens with health apps, too. One study sampled 24 health apps, digging deeper into how they treat users’ data. 79% of them transferred data to a range of first and third parties, many of them involved in analytics or advertising. While such data-sharing practices are routine, they depend on full disclosure and users’ consent.

In 2018, specialists revealed that HealthEngine shared patients’ medical data with personal injury law firms. The owners of this medical appointment booking service claimed to follow the protocol, however. They stated that users agreed to such terms. Disturbingly, these conditions were not present in the official privacy policy. Instead, owners mentioned it in a separate document named “collection notice.” Additionally, users had no way to opt out of having their data transferred to third parties.

Thus, health apps could potentially share your data with third-party entities. As noted in a study of five women’s health apps, even anonymous users have something to worry about. By anonymous, we mean that users do not necessarily create an account within the apps. However, such preventive measures are not enough to guarantee that information won’t reach external services.

It is crucial to read privacy policies carefully and analyze other documents discussing data-sharing. Some apps could exploit your health data to display advertisements. In more disturbing scenarios, information acquired from health apps could affect life insurance conditions. One company had even offered discounts in exchange for users’ fitness data. However, such information could also negatively influence your ability to get insurance or how much you will pay.

Contact-tracing apps are relatively new in the industry. However, privacy concerns surrounded them early on. The situation deteriorated quickly, with many apps leaking data or containing severe vulnerabilities. It became clear that although the reasoning behind contact-tracing apps was legit, they might also have unpredictable privacy downsides.

Can health apps be private and safe?

Unfortunately, health-related data collected through various apps might not have the high protection it deserves. Laws adapt to the ever-changing technology patterns, and it takes time to craft effective legislation. Over the years, many ambiguous health apps did not necessarily regard privacy or security as top-level priorities.

Thus, if you decide to use such tools to monitor your physical health, be cautious. Take the time to read privacy policies or other documents available. Carefully judge whether the stated conditions overstep any boundaries. If possible, opt out of having your data shared with third parties. Also, disable features that you do not use or need. It is crucial to know which data apps collect and whether app owners have access to it. More privacy-oriented health apps could offer two-factor authentication for accounts. In case of a data breach, this protection layer could mean that your information remains safe.

Anton P.


Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background in technical content writing.
