Mobile health apps diagnosed with data privacy concerns

Things that were already difficult before the pandemic are often exacerbated by the COVID-19 crisis and include those trying to seek outpatient treatment or counseling for physical and mental illness, including substance abuse. Initially, the rise of telehealth and mobile health applications offered a relieving alternative for many, but there are growing concerns about how these applications process personal data shared with them for clinical reasons.

At the beginning of the pandemic, various telehealth services appeared, often with warning of loose data collection restrictions to enable emergency assistance from remote healthcare providers for patients who may be located in a completely different region or even country.

While the burden of care was the main focus in those early days, the explosion of mobile health services and apps for everything from filling prescriptions to seeking treatment revealed how, like many mobile apps, health apps routinely collect user data and track users online. movements (and with the help of GPS geolocation data in your device you can track the actual charging movements).

As far as healthcare applications are concerned, ‘user data’ is also patient data, and most of these applications do not share policies that remotely resemble patient-patient confidentiality. New research ExpressVPN’s Digital Security Lab, in partnership with the Opioid Policy Institute and the Defensive Lab Agency, found that almost all applications provide third-party access, including Facebook and Google, with access to user data.

“Application-based approaches to public health issues are facing increasing control due to a lack of appropriate confidentiality and security. Covid-19 contact tracking frame developed by Google “It has been found that there are significant privacy issues with Bluetooth IDs stored in Android’s system logs,” the report said. “It simply came to our notice then The contact tracking application in Norwayranked along with Kuwait and Bahrain for location data leakage. “

The Digital Security Lab has applied the same focus on privacy and security to ten health apps for opioid addiction and recovery smartphones, and found that for the most part these apps track unique identifiers of different devices, ranging from software-defined identifiers to tokens that show the user’s hardware and the customer’s account with their cellular service provider.

It should also be noted the abundance of sensors on consumers’ smartphones nowadays, including accelerometers and ambient light sensors. When it comes to a privacy attack vector, “GPS, Bluetooth and cellular radio are commonly used to track location, and in particular Bluetooth is increasing as a channel for retrieving personal user data,” the ExpressVPN report said.

They can work in agreement with Internet of Things (IoT) device distribution and sensors that are constantly increasing in the world, such as security camera sensors and even road sensors to create a user profile of the user, and perhaps his family and close associates, if there is enough data.

“Many of the applications we studied collected location information in some form, relying on a combination of GPS, mobile network / cellular radio, and Bluetooth technology,” the study notes. “This location information, especially when associated with unique identifiers, enhances the ability to track an individual who carries a smartphone, their daily habits and behavior, and even pinpoint their friends and family.”

The report highlights how health applications can collect some of the most personal data, data that might otherwise be expected to be treated in the strictest confidence, and share it with third parties, including other platforms, advertisers and sometimes even and unknown countries.

The findings reflect similar findings from the British Medical Journal, which conducted an in-depth analysis of more than 20,000 mobile health apps in the Google Play Store and found that 88% of them use tracking IDs and cookies to track users’ activities. 28% of these apps do not have the privacy policy of any kind listed in the Play Store.

However, BMJ’s research praised it European common data protection regulation, “Which has improved transparency around the practices of collecting and sharing data from applications and requires specific measures to ensure active consent for data sharing. ” In addition to these statistics, researchers also found only 1.3% (3,609) of user feedback. privacy concerns, but this awareness of the security situation of such health applications is growing.

Joe Devanesan