Health app insecurity highlighted in international research
Some clinically-accredited health apps are sending non-encrypted personal and health information potentially putting user-privacy at risk, according to international research.
Some clinically-accredited health apps are sending non-encrypted personal and health information potentially putting user-privacy at risk, according to international research published in the medical journal BMC Medicine.
Researchers from Imperial College London in the UK and Ecole Polytechnique CNRS in France reviewed 79 apps that were listed on the UK NHS Health Apps Library, available on Android and iOS platforms and covered a range of areas including weight loss, alcohol harm reduction, smoking cessation and chronic disease.
The National Health Service Health Apps Library contains a list of apps for patient and public use that have been reviewed to ensure they are clinically safe and comply with local data protection law.
Researchers assessed the apps over six months by inputting simulated information, tracking the handling of this information and looking at how this agreed with any associated privacy policies.
According to the results, which were published on Friday, 70 of the apps (89 per cent) reviewed transmitted information to online services and 23 of those sent identifying information over the internet without encryption.
Only 53 apps had a privacy policy (67 per cent) and of the 38 apps that also transmitted information, the privacy policy did not state what personal information would be included in the transmissions, the research found.
It further identified that four apps were sending both identifying and health information without encryption.
Lead researcher Kit Huckvale from Imperial College London said it was known that apps available through general marketplaces had poor and variable privacy practices, for example, failing to disclose personal data collected and sent to a third party.
“However, it was assumed that accredited apps – those that had been badged as trustworthy by organisational programs such as the UK’s NHS Health Apps Library – would be free of such issues,” he said.
“Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS.”
Australian health app rating scheme
In mid-September, the Victorian Health Promotion Foundation (VicHealth), which is funded by the Victorian Department of Health, launched a Healthy Living Apps Guide.
The guide provides an independent rating of more than 200 smartphone apps for their effectiveness in helping people lead healthier lifestyles including Nike+ Running, Fitbit, My Diet Diary Calorie Counter, Water your Body, Quit Now: My QuitBuddy, Tap to Smoke, Alcohol Cutdown Coach and Map my Fitness.
While an independent survey commissioned by VicHealth of 4,062 Australians found that 40 per cent trusted health and wellbeing apps for information about being healthy, the new guide shows that many may be ineffective.
The review looked at how user-friendly and effective the apps were likely to be in helping someone adopt a healthier lifestyle and the best rating achieved was three out of five.
According to VicHealth’s website, the Healthy Living Apps Guide process involved a six-step screening, review and rating process. On security features, the review indicates whether an app has a privacy statement or policy, requires login, has password protection, asks permission to send push notifications or allows data exports. But it does not state whether transmitted information is encrypted.
Technology Review has sought further information from VicHealth regarding what security features were assessed.
At the launch of the guide, VicHealth CEO Jerril Rechter said apps could be effective in helping people adopt healthier lifestyles, but there was room for improvement and Australians should use them with caution.
In addition to a guide for consumers, she said VicHealth had produced a set of guidelines to assist app developers design more effective products, both of which are available here.
VicHealth’s top 10 tips for choosing a healthy living app
- Make sure the app is enjoyable to use.
- Find an app that suits your needs.
- Choose an app supported by someone you trust.
- Use an app that supports what you already have.
- Make sure the app allows you to create and modify your own goals.
- Choose an app that lets you track your behaviour.
- Choose an app that shows you how to do an activity.
- Use an app that allows you to share your progress with your friends, whether this is
- Find an app that has notifications.
- Choose an app that rewards you when you succeed.
Sign up to Technology Review’s weekly e-newsletter for news and analysis, as well as coverage of the latest products, resources and events. You can also follow Technology Review on Twitter. Send your company news, tip-offs and news on tech resources, products and events to negan@intermedia.com.au