[ad_1]
After creating fake accounts on high quality Android medical apps and badyzing their traffic, an investigation published Wednesday in BMJ found that almost four out of five data users shared user data with external entities. In addition, the Australian research team determined that many of these groups receiving the user information would likely be able to group the data and use it to identify a specific individual.
"[Mobile health] Applications claim to offer appropriate and cost-effective health promotion, but they pose an unprecedented risk to consumer privacy, given their ability to collect user data, including sensitive information, "wrote the authors of l & # 39; study. "Health application developers regularly and legally share their data with third parties in exchange for services that enhance the user experience (for example, connecting to social media) or monetizing the application (for example example, hosted advertisements). There is little transparency around data sharing with third parties, and health applications generally provide no guarantee of privacy, despite the collection and transmission of multiple forms of personal information and identification. "
TOPLINE DATA
The researchers found that of the 24 applications selected at the top of the Google Play Store, 19 (79%) shared user data with 55 different proprietary and third-party entities. All but three applications were transmitting data such as device name, browsing behavior, and email address outside the application, and two-thirds of the entities receiving the data are affiliated collection for advertising purposes or other badytical services.
Six percent of the 104 transmissions identified and badyzed by the researchers were sent in clear text, with at least three of the health applications broadcasting some user data in clear text. In some cases, researchers have noted specific sensitive data transmissions, such as a user's list of drugs, that could potentially be reused and sold to companies seeking to market this data. Also note, 19 apps (79%) requested permission to read or write from the device, 11 (46%) to view WiFi connections, 7 (29%) to read cell status and the identity of the device and 25% to read the connections. access the approximate or precise location of the user.
HOW IT HAS BEEN DONE
The researchers used an badysis tool and other recommendations to identify 821 free and paid medical applications. Each of these applications has been filtered by name and by inclusion criteria such as availability for Australian consumers, the link with medicine or care, interactivity, in-app requests. at least one "dangerous" permission and more. From there, the team created fictitious accounts to perform shared data traffic badysis and badysis of the content and network of the entities to which the data was sent.
WHAT IS THE HISTORY
A number of surveys have sounded the death knell for data security and privacy concerns for health applications, particularly in light of the latest news on Strava, Polar and other woes related to GPS.
In February, for example, a study found that many health apps were not secure and not in accordance with GDRP specifications, while a newer project has found similar problems among mental health applications. Xcertia, a standards and guidelines organization for mobile applications, has recently updated its draft directive on privacy and security for health application designers this year's HIMSS conference.
IN CONCLUSION
"Our badysis of the data-sharing practices of top-rated drug-related applications suggests that sharing user data is a common operation, but far from transparent," the researchers wrote. "Clinicians need to be aware of the choices they make regarding the use of their apps and, when recommending apps to consumers, explain the risk of loss of privacy through informed consent. Privacy regulators should consider that the loss of privacy is not a fair cost for the use of digital health services. "
Source link
