Researchers analyzed more than 200 Android health apps aimed at helping people manage diabetes, such as apps that keep a log of blood glucose levels, or track all the foods you eat. They found that 81 percent of these apps did not have privacy policies available before a user downloaded the app. (This means a user could not learn how their information would be used before they downloaded the app.)
And among the apps that did have privacy policies available pre-download, about half said that they shared user data with third parties.
The researchers then downloaded 65 diabetes apps at random, and found that 76 percent of apps without privacy policies available pre-download, and 79 percent of apps with them, shared sensitive health information, such as users' insulin and blood glucose levels,with third parties. These third parties included marketing companies, data aggregators or other websites that were not under the control of the app developer.
The findings are concerning because "these apps can contain a lot of sensitive medical information," said Sarah Blenner, a co-author of the study and a research fellow at the Illinois Institute of Technology Chicago-Kent College of Law. Although this information might be shared for a helpful purpose, such as helping a user learn about a new medication, "that information can also be used against a person to limit opportunities," and to discriminate, she said.
For example, an employer might decide not to interview a job applicant if the employer had access to certain health information, Blenner said.
"Once sensitive medical information is leaked, then the consumer has totally lost control over it and they can never take it back," Blenner told Live Science. [9 Odd Ways Your Tech Devices May Injure You]
There is no federal law that prevents the health information contained in apps from being shared with third parties, and apps don't always disclose when they share information, she said.
Health appshave the potential to improve people's health, but "we need to create an environment where people won't be concerned about information being disclosed," Blenner said.
This will involve making polices that promote consumer privacy, Blenner said, such as requiring apps to ask for a user's authorization before sharing his or her data, rather than sharing data as the default option.
In the meantime, users should avoid downloading an app if they don't know what the privacy policies are, Blenner said.
The study is published today (March 8) in the Journal of the American Medical Association..