2013 09 12 NYT Free Apps for Nearly Every Health Problem, but What About Privacy? – NYTimes.com

http://www.nytimes.com/2013/09/12/your-money/free-apps-for-nearly-every-health-problem-but-what-about-privacy.html?emc=edit_tnt_20130912&tntemail0=y

Free Apps for Nearly Every Health Problem, but What About Privacy?

Need to lose weight, quit smoking, improve your sex life or get a better night’s sleep? There’s an app for that — all of it — and more. Thousands of mobile apps are available to improve your health and fitness.

But beware.

Health apps can provide information and motivation to help you manage your well-being, and they’re easy to use and often free. But they may not have protecting your privacy as a priority.

Health apps collect all sorts of personal information, like your name, e-mail address, age, height and weight. Others get even more detailed, depending on the focus of the app; fertility apps, for instance, allow you to enter details of your menstrual cycle, and exercise apps allow you to post the route of your daily jog.

Yet, an analysis of 43 popular wellness apps by the nonprofit Privacy Rights Clearinghouse found that many apps connect to advertising and data analysis sites without the user’s knowledge. And, they often transmit unencrypted information over insecure network connections — possibly including your medical and pharmaceutical search terms, like those for sexually transmitted diseases or antipsychotic drugs. That’s the computer equivalent of sending a postcard, rather than a letter — it’s easy for others on a network to read what’s being transmitted, said Craig Michael Lie Njie, a consultant who did the technical analysis for the report.

For the analysis, financed by the California Consumer Protection Foundation, the clearinghouse used apps available on the iTunes App Store, for iOS devices, and Google Play for Android phones and tablets. (The report didn’t identify the apps, saying its goal is to educate consumers and app developers.)

The report concluded that health apps posed “considerable” privacy risks for consumers, and users shouldn’t assume any of their data on a mobile app was private. Only 13 percent of free apps, and 10 percent of paid apps, encrypted all data connections between the app and the developer’s Web site. Many apps don’t have privacy policies, and those that do don’t always adequately describe the potential risks. More than a quarter of the free apps, and 40 percent of the paid apps, had no privacy policy at all.

Robin Thurston, chief executive of MapMyFitness, which offers a group of exercise sites and apps including the popular MapMyRun, said his company had developed a detailed privacy policy explaining how user information was used. It also includes a link for users who want to opt out of certain kinds of ads. “Our apps are not passing any individual health information to any third-party services,” he said. “I can tell you we are not doing that with people’s information.”

He advised consumers to consider the credibility of the health apps they choose. Better-known brands and developers with a track record — in which he includes MapMyFitness — have more resources to spend on comprehensive data security, whereas smaller or offshore operations may be less reliable. With very small app developers, “You could be sending your data into someone’s home server to be stored,” he said. “I’m not sure consumers are aware of that.”

Mike Lee, chief executive of MyFitnessPal, which offers a free calorie counter app, said in an e-mailed statement: “Protecting our customers’ personal information is and always has been a top priority. For example, we work very hard to ensure that any data provided to us is transmitted and stored in a secure manner.” He said the company did not sell customers’ data or use it in any way without explicit permission.

Many apps encourage users to share information through social media sites like Facebook, to seek support for their weight loss or fitness goal. But you should be cautious about revealing details of your medical conditions, since once information is public you have little control over it.

“We’re not telling people not to use them,” Beth Givens, director of the Privacy Rights Clearinghouse, said of health apps. “But you should know what you’re getting into.”

Here are some questions to consider.

Are there any laws governing the use of health information I may share using an app?

Medical information that’s shared directly between you and your doctor or your hospital is covered by the privacy provisions of the Health Insurance Portability and Accountability Act, or Hipaa. But there’s little regulatory protection for health information shared over consumer apps, unless it’s a device prescribed or provided by your physician. In most cases, “You’re on your own with these commercially available apps,” said Joseph Lorenzo Hall, a senior staff technologist who works on health privacy issues at the Center for Democracy and Technology.

How can I be sure my information won’t be shared with marketing or advertising sites?

You should assume any information you impart using an app will be shared, Ms. Givens said. But you may get better protection by using paid apps, rather than free ones, because paid apps don’t rely solely on advertising revenue — and so are less likely to share information with outside firms that gather information to target their ads.

What can I do to protect myself?

Try to read an app’s privacy policy before using it. The policy should describe the app’s information-sharing practices, and may give instructions for opting out of some of them. If it’s not available within the app, it may be posted on the developer’s Web site. You can even try to contact the developer with questions.

Privacy policies, however, are mainly aimed at protecting app developers from lawsuits, rather than protecting the privacy of your information, said Mr. Lie Njie. He advises sharing only data that you wouldn’t mind becoming public.
