Free health apps laugh in the face of privacy, sell your wheezing data

Actually, invasive slurping goes way beyond the remit of 'fitness'

Man ties laces on running shoe pre-jog. Photo by Shutterstock

Free health tracker apps pose a severe privacy risk, security researchers warn.

Developers frequently neglect data protection and, worse, intentionally lure in users with free health gimmicks in order to monetise their data. Other sharp practices uncovered by the researchers include unsecured data transmission and ad tracking.

Experts at the AV-TEST Institute discovered that more than 80 per cent of 60 tested apps lacked a proper privacy policy despite handling unusually sensitive data.

Thousands of health and fitness tracker apps for Android smartphones have been created. Some help users organise and log their exercise regime by counting kilometres run or walked, calories ingested or pulse rate. Others remind patients to take their medicine on time or record high blood pressure alongside various more medical functions.

Apps can motivate users to get more exercise, eat healthier, record and interpret their own body and vital signs, and optimise their own behaviour accordingly. The downside is that that data collected by the apps can be used by advertisers, health insurance providers and other companies.

The 60 apps evaluated by AV-TEST cover a cross section of the eHealth apps offered free of charge in the Google Play store. They included Android programs for diagnosing diseases, search apps for medical information, pharmacies and physicians, and fitness trackers such as apps that monitor vital signs.

eHealth app permissions stray beyond core functionality [Source: AV-TEST blog post screenshot]

In addition to access to the user and device data, many apps also demanded access to photos and other data stored on mobile devices. GPS data as well as device IDs and call information were not infrequently requested, 12 apps demanded direct access to the camera, seven wanted to freely use the microphone, and three even required full telephony functions of the smartphones. Much of the slurped data was irrelevant to the core function of the app, AV-TEST reports.

More details on the research can be found here. ?

Biting the hand that feeds IT ? 1998–2017

  • 1015111305 2018-02-19
  • 6607141304 2018-02-19
  • 5587621303 2018-02-19
  • 6265761302 2018-02-19
  • 6666351301 2018-02-19
  • 3788381300 2018-02-19
  • 9596221299 2018-02-19
  • 1153531298 2018-02-19
  • 8253311297 2018-02-19
  • 1614291296 2018-02-19
  • 107351295 2018-02-18
  • 9487041294 2018-02-18
  • 7763841293 2018-02-18
  • 5836761292 2018-02-18
  • 615581291 2018-02-18
  • 5081161290 2018-02-18
  • 321961289 2018-02-18
  • 776731288 2018-02-18
  • 9075261287 2018-02-18
  • 3005511286 2018-02-18