Popular apps for depression and smoking cessation secretly leak data
Image credit: Dreamstime
A study has found that free apps to help people stop smoking or cope with depression have been leaking highly personal data to third parties, often without informing their users.
Concerns have been raised previously about the handling of sensitive data collected from apps such as period-tracking app Flo (which sent user data to Facebook) and the companion app for the We-Vibe sex toy (which sent highly intimate data back to the manufacturer). In 2015, the NHS Apps Library was forced to shut several apps out of its collection following reports that many of its endorsed health apps were failing to responsibly handle personal user data.
A study has found that many free apps marketed to people struggling to cope with personal troubles, such as mood disorder and addiction to cigarettes, have been leaking data to third parties such as Google and Facebook without explicitly warning their users.
The study, conducted by researchers at the University of New South Wales in Sydney and the Beth Israel Deaconess Medical Centre in Massachusetts, was published in JAMA Network Open.
The researchers searched for apps in Google’s Play Store and Apple’s App Store using the keywords ‘smoking cessation’ and ‘depression’. They then downloaded the apps and checked to see whether data entered into them was shared by intercepting the app’s traffic.
Two of the apps (6 per cent) included sensitive user-reported health information, such as substance use or diary entries, among the data sent to third parties.
Steven Chan, a doctor at the Veterans Affairs Palo Alto Health Care System, told The Verge that third parties could use surreptitiously collected data from these apps to target individuals struggling with personal issues. This could include targeting ads for e-cigarettes or alcohol towards people attempting to give up smoking, who may have tendencies towards substance addiction.
“While smartphone apps hold substantial potential to increase access to mental health care, our results highlight deficits in the disclosure of data transmission practices involving third parties,” the authors wrote in their concluding remarks.
“As smartphones continue to gain capabilities to collect new forms of personal, biometric, and health information, it is imperative for the health care community to respond with new methods and processes to review apps and ensure they remain safe and protect health information.”