Many of the most popular mobile health and fitness apps (both free and paid) carry considerable privacy risks for users—and the privacy policies for those apps that have policies do not describe those risks, according to a new study from the Privacy Rights Clearinghouse.
For the study, Privacy Rights Clearinghouse evaluated 43 popular health and fitness apps from both a consumer and technical perspective. Consumers should not assume any of their data is private in the mobile app environment, even health data that they consider sensitive. Users must weigh the benefits of the service against the realistic possibility that they are revealing information about their health not only to the app developer or publisher but also to third parties, the report concluded.
Of the free apps reviewed, just under half (43 percent) provided a link to a website privacy policy. Of the sites that posted a privacy policy, only about half were accurate in describing the app's technical processes.
Other key findings included:
- Many apps send data in the clear—unencrypted—without user knowledge.
- Many apps connect to several third-party sites without user knowledge.
- Unencrypted connections potentially expose sensitive and embarrassing data to everyone on a network.
- Nearly three-fourths (72 percent) of the apps assessed presented medium (32 percent) to high (40 percent) risk regarding personal privacy.
- The apps that presented the lowest privacy risk to users were paid apps. This is primarily because paid apps don't rely solely on advertising to make money, which means the data is less likely to be available to other parties.