March 22, 2019
New research shows there is a hidden privacy risk in plugging sensitive personal health information into common health apps used to keep track of medication or look up symptoms of illness.
In the study published Wednesday in the BMJ medical journal, U.S, Canadian, and Australian researchers tested two dozen popular, Android apps used by patients and doctors in the three countries, according to a Gizmodo report:
They then created four fake profiles that used each of the apps as intended. To establish a baseline of where network traffic related to user data was relayed during the use of the app, they used each app 14 times with the same profile information. Then, prior to the 15th use, they made a subtle change to this user information. On this final use, they looked for differences in network traffic, which would indicate that user data obtained by the app was being shared with third parties, and where exactly it was going to.
According to the researchers, 19 of the 24 apps shared user data outside of the app for various reasons.
Per the report, the data would sometimes be used for advertising, other times for credit reporting purposes. Only one credit reporting agency, Equifax, had an agreement with a third party, which isn’t the best news since it suffered one of the largest hacks in recent history.
For the time being, customers have no real say in what companies can do with their data once they choose to share it. Further, researchers found that it’s nearly impossible to opt out of data sharing.