- The vast majority of health and fitness tracking apps on mobile platforms put user data at risk.
- A team of university researchers found that 88% are potentially dangerous to their user base.
- Identifying the worst of them is complicated, but there are ways to find “red flag” cues.
A team of researchers at the Optus Macquarie University Cyber Security Hub in Sydney has taken a deep dive into every health app available on the Google Play Store in Australia to determine what data they collect and how much of it is shared with third parties. Out of a total of 20,991 analyzed apps, 18,472 (88%) were found to put the users’ privacy at great risk. Of these apps, 12,917 belong to the "health and fitness" category, while the other 8,468 are classified as "medical."
Since the vast majority of these apps are also available on the Play Store in other countries around the globe, and many are present even in Apple’s App Store, the researchers' findings hold importance for everyone. Here are the key outcomes of the analysis:
- 3.9% transmitted sensitive user information in their network traffic
- 23% of these transmissions happened through unencrypted or insecure communication protocols
- Of those using risky protocols, 42% transmitted GPS coordinates and 75% transmitted user passwords
- 28.1% of all apps tested didn’t even bother to compile and offer a privacy policy for the users
- Of those that had a privacy policy, only 47% complied with it
- 68% of user data transmissions go to the top 50 third parties
- Only 1.3% of user reviews of these apps on the Play Store raise concerns about data privacy
The situation is generally problematic, and the responsibility for evaluating apps and using only those that seem trustworthy still falls on the user. Determining this isn’t always simple or easy, but checking whether a privacy policy exists is a solid starting point. Additionally, you should read several reviews, especially recent ones, and check the developer’s website for more 'about us' and 'contact us' details.
When you decide to install a new app on your device, make sure that you have a clear idea of what service the app is supposed to offer. If the permissions it asks for seem excessive, don’t approve the requests. Health and fitness apps do need access to risky parts of your phone’s functionality, such as GPS and accelerometer sensor data. However, they can work as normal without access to contacts, the microphone, or the camera.