Beware of privacy risks with health apps

Mobile health apps recently have come under extra scrutiny, due to privacy and security concerns concerning how they handle and share customer data.   

According to The Guardian, a study of 20,000 mobile health apps on the Google Play store found that 88% used cookies and tracking identifiers, and some even tracked users across different platforms. Many of these apps store sensitive health information, including overall health statistics, symptoms of various illnesses, and menstruation tracking.  

Furthermore, Mozilla discovered in its recent study of 32 mental health and prayer apps that 25 were not up to scratch. Poor practices included allowing weak passwords, data sharing, and substandard privacy policies, and Mozilla concluded the app category as the worst type they had reviewed in six years.   

Privacy advocates point out that when using a health app, once you grant access to your data, you can’t control how your sensitive health information may be used, or who has access to it. And many people don’t know how vulnerable that data may be. As Evan Greer of Fight for the Future told Protocol, “many people just don’t actually know what risks are associated with handing over sensitive data to these companies.” 

First of all, many of these apps sell health data to advertisers. For example, Flo, a period and fertility tracking app, recently came to a settlement with the FTC over allegations of sharing the health data of its users with third-party marketing and analytics companies, which included Facebook and Google.   

Some apps also claim that anonymous data use is necessary for scientific research. Clue and Apple both use devices this way and state in their privacy policies that individual data can’t be traced back to the user. But it’s possible for companies (subject to a data request from an appropriate authority) to connect data stored on a phone, or under an anonymous user ID, to the user.  

Why does all this matter? When it comes to personal health data, privacy should be a basic right, but with various legal and regulatory issues, users can be left vulnerable.  In particular, changing laws over women’s health and reproduction means that certain health data could be used against users of these apps. 

India McKinney, the Federal Affairs Director at Electronic Frontier Foundation, points out that “anything that could be shared with advertisers can be shared with law enforcement.” If someone breaks a law and the police have reason to believe evidence can be found on an app, the data can be subpoenaed. This is true even for apps that have strong privacy policies and don’t sell data to advertisers.

And for users in the US, the Health Insurance Portability and Accountability Act, or HIPAA, prevents doctors from disclosing an individual’s medical history without consent, but it doesn’t apply to information stored within mobile apps. 

Making matters worse, there is wide divergence among health app privacy policies — and a tendency to shift policy parameters at short notice. University of Houston researchers recently co-authored an op-ed in Science to encourage more consistency and regulation. As co-author Julia Roberts, Director of the Health Law and Policy Institute, told The Verge, “I think people generally have no idea they might agree to one set of terms and it could change to another set.”

Another thing to be aware of is the all-too-common company mergers, acquisitions, and other corporate changes. In many cases, users’ data will be passed on to the new owners, and then subject to a completely different privacy policy. As we’ve seen, companies are often bought solely to gain access to valuable personal data just like this.

The upshot of all of this is that in order to protect your privacy, you may wish to consider what apps you install on your mobile devices, and monitor what kinds of data these apps can access. If you have any concerns that certain data could be used against you, especially involving matters such as mental and reproductive health, it might be better to record that data offline.

In other news

• Apple & Tesla experience supply shortages. Yahoo reports the news is grim out of Shanghai with citizens in complete lockdown over China’s zero-tolerance policy concerning Covid infections. As a direct result, Apple is predicted to take a loss of $8 billion in revenue in the third fiscal quarter. With 75% of Apple’s products manufactured by the Shanghai Quanta factory, Apple’s share price took a tumble as the reality of supply shortages took hold. As the factory continues experiencing mass shutdowns and workers get shuttled out to quarantine zones, Quanta’s other major customer, Tesla, is similarly affected. Figures just out showed Quanta only produced 1,512 Tesla cars in April, down from regular times production rates of 2,100 a day. Other factors impacting both companies include supply problems due to the war in Ukraine and the rising price of oil.

• India creates laws to snoop on VPN users. CNet reports new privacy concerns from India, where VPN, data center, and cloud service providers could potentially face up to one year in prison if they refuse to comply with supplying data on their customers. The new law directly impacts customer privacy, long a staple of VPN provision. Companies will have to keep information on names, IP addresses, and patterns of usage, even if a customer cancels their subscription. In all cases, companies need to log the information with CERT, India’s Computer Emergency Response Team, and monitor and report on their users’ “unauthorized access to social media accounts.” The new laws come after government-imposed Internet shutdowns saw notable spikes in VPN demand in India according to digital rights group Access Now.
• De Beers vows diamond purity in response to the Ukraine crisis. According to Reuters, De Beers’ diamond unit deployed its blockchain platform this week to trace and track rough diamonds across the globe. It specifically checked to find out if any diamonds were originally sourced in Russia. Described by CEO Bruce Cleaver as “a huge public ledger, as immutable as anything invented,” their platform aims to verify both authenticity and responsible sourcing. After the U.S. imposed sanctions on Russia’s Alrosa mine, currently the world’s largest diamond producer, De Beers, as the second-largest producer, wants to ensure no diamond is from a conflict zone where gems could be used to finance violence. As retailers Signet, Tiffany and Co, and others stopped the use of Russian diamonds in their jewelry, the demand for responsibly-sourced diamonds that do not originate in Russia is high.

• SEO website favorite Moz.com taken down. The DMCA copyright infringement process is under the spotlight according to Searchengineland.com. A recent filing by the complainant, the Dr. Driving app, says Moz distributed over 185 URLs belonging to their app that were “modified, cracked or unauthorized.” Once Moz.com was successfully taken down, this prompted Cyrus Shephard of Zyppy SEO to comment on Twitter that this incident demonstrates how the “DMCA literally lets anybody abuse the system, and it breaks Google.”
• Crash a Google Doc with one word. Do you ever find yourself typing random words at the start of a doc just to get the creative juices flowing? In a bizarre discovery, it seemed that up until this week, if you started typing a certain word sequence into Google Docs you could crash the app. The flaw, discovered by regular Google Docs Editors Help forum poster  Pat Needham, involves typing ‘And’ five times. 

Tip of the week

While Moz.com, along with other premium SEO tools, make life easier for digital marketers, much of the data they provide can now be found elsewhere. Demand for organic search insights has grown, so search engines and CMS developers have responded with helpful dashboards of all shapes and sizes. The next time your go-to SEO tool goes down, or if you are just looking to lower expenses, turn to other highly advanced free tools readily available to anyone.  

Google Search Console is the most valuable tool you can use to research organic site performance. Once your site is verified, you get precise details about your top-ranking pages, what keywords are truly driving traffic, and dozens of other metrics. Bing Webmaster Tools offers free technical SEO diagnostics for your pages on demand. WordPress now offers the free Performance Lab plugin to optimize your website resources, and WooCommerce gives online retailers a free, fully integrated analytics dashboard.

Make no mistake, premium SEO tools will automate your tracking and reporting, but these free tools are easier to access and often simpler to use. Try them out, and you just might discover something new about the way people are finding your website. 

If you found this week’s news roundup useful, please share it with your social networks!