“It’s an unregulated industry, so there are no standards,” said Beth Givens, director of Privacy Rights Clearinghouse, a San Diego nonprofit geared toward informing and helping consumers.
For app developers, there are not standards or best practices for privacy protection, she said, and it shows in the results from her recent study of 43 of the most popular mobile apps for health and fitness. Though some apps have privacy policies visible for the user, many do not, and those that do rarely include important details.
“You have to be quite technically savvy to figure out what these apps are doing with your sensitive personal information,” Givens told HealthBiz Decoded.
As we noted in our earlier story on Internet searches for health terms, privacy in the age of computers is often an assumption but not a guarantee. Consumers must do a lot more digging to figure out where their data is going and who can see it.
“It’s obviously not transparent what happens to your data,” she said.
Using data tracking tools, Givens and her coauthors performed a technical risk assessment to determine what data the apps collected, stored and transmitted. They found that many apps send unencrypted (visible) data without telling the user, some to unidentified third parties, likely marketing and advertising destinations.
“There are very, very few people who would use the kinds of tools that our project technologist used to ferret out this information,” Givens said.
Though she wouldn’t recommend any apps by name, Givens did give us her tips for navigating the app store like a pro.
Tips for choosing and using an app
- Research apps before you buy them.
- Never assume your data is private. Accept that anything in the mobile app environment could be shared not only with the app developers but with unknown third parties as well. Proceed with caution.
- Pay attention to how much personal information the app requires before allowing you to try it. If it feels too intrusive, try another instead.
- Try to limit the personal information you provide, and exercise caution when you share it.
- Ask a tech savvy friend to help you determine what information an app is asking for, help you navigate settings, and potentially help you restrict the information an app gathers.
- Paid apps may offer more privacy protections than free ones. In the study, the apps with the lowest privacy risks to users were paid apps. Givens believes that it’s probably because they don’t rely solely on advertising to make money, which means the data is less likely to be available to other parties. But many paid apps still didn’t use encryption, she said.
- If you stop using an app, delete it. If you have the option, also delete your personal profile and any data archive you’ve created while using the app.