Big Brother in our health and fitness apps



This week, the Privacy Rights Clearinghouse, a California nonprofit dedicated to empowering individuals to protect their privacy, issued a study on mobile health and fitness apps based on a technical risk assessment they performed to determine what data the apps collected, stored, and transmitted. After studying 43 popular apps (both free and paid) from a consumer and technical perspective, the group found "considerable privacy risks for users" and that the privacy policies for those apps that have policies do not describe those risks.

Not surprisingly, the apps that presented the lowest privacy risk to users were paid apps, because they don't rely solely on advertising to make money, which means the data is less likely to be available to other parties. Of the free mobile apps the consumer group reviewed, fewer than half (43 percent) provided a link to a website privacy policy, and of the sites that did in fact post a privacy policy, only about half were accurate in describing the app's technical processes.

The problem, according to the report, is that "most consumers lack the tools and knowledge to analyze data flows and security, so they have no way of knowing what is happening behind the scenes." And, "even if privacy and security practices are accurately detailed in a privacy policy, the average user has no way to decipher them," the report concluded. 

Among the Privacy Rights Clearinghouse's other findings:

  • Many apps send data in the clear--unencrypted--without user knowledge
  • Many apps connect to several third-party sites without user knowledge
  • 72 percent of the apps had medium (32 percent) to high (40 percent) risk regarding personal privacy

As the report points out, the danger that health and fitness apps pose is that they "appeal to a wide range of consumers because they can be beneficial, convenient, and are often free to use." However, as the group warns, consumers should not assume any of their data is private in the mobile app environment--even health data that they consider sensitive.

Is any of this really shocking? Last month, rogue Booz Allen Hamilton employee Edward Snowden exposed a massive effort by the National Security Agency to track cell phone calls and monitor the e-mail and Internet traffic of virtually all Americans. And, it was also revealed that the NSA and the FBI are siphoning personal data from the main computer servers of nine major U.S. Internet firms. 

Unless you go completely "off the grid" and eliminate all forms of electronic communication, it's a safe bet that someone is looking at your data. As the Privacy Rights Clearinghouse advises users of mobile health and fitness apps: assume any information you provide to an app may be distributed to the developer, third-party sites the developer uses for functionality, and unidentified third-party marketers and advertisers. Welcome to our brave new world. - Greg (@Slabodkin)