- The vast majority of health and fitness tracking apps on mobile platforms put user data at risk.
- A team of university researchers found that 88% are potentially dangerous to their user base.
- Identifying the worst of them is complicated, but there are ways to find “red flag” cues.
A team of researchers at the Optus Macquarie University Cyber Security Hub in Sydney has taken a deep dive into every health app available on the Google Play Store in Australia to determine what data they collect and how much of it is shared with third parties. Out of a total of 20,991 analyzed apps, 18,472 (88%) were found to put users’ privacy at great risk – 12,917 of these apps belong to the “health and fitness” category, while the other 8,468 are classified as “medical.”
Since the vast majority of these apps are also available on the Play Store in other countries, and many are present in Apple’s App Store as well, the researchers’ findings matter to everyone. Here are the key outcomes of the analysis:
- 3.9% transmitted sensitive user information in their network traffic
- 23% of these transmissions happened through unencrypted or insecure communication protocols
- Of those using risky protocols, 42% transmitted GPS coordinates and 75% transmitted user passwords
- 68% of user data transmissions go to the top 50 third parties
- Only 1.3% of user reviews of these apps on the Play Store raise concerns about data privacy
When you decide to install a new app on your device, make sure that you have a clear idea of what service the app is supposed to offer. If the permissions it requests seem excessive for that service, don’t approve them. Health and fitness apps definitely need access to risky parts of your phone’s functionality, such as GPS and accelerometer sensor data. However, they could stay away from your contacts, microphone, and camera and still work as normal.