“Mechanisms that potentially enable a small number of dominant online service providers to link information about the use of mental health apps, without either user consent or awareness, appear to be prevalent,” Kit Huckvale, MB ChB, MSc, PhD, of Black Dog Institute at the University of New South Wales Sydney in Randwick, New South Wales, Australia, and colleagues wrote in their study. “Mismatches between declared privacy policies and observed behavior highlight the continuing need for innovation around trust and transparency for health apps.” The study was published in JAMA Network Open.
and colleagues examined the top 36 depression and smoking cessation apps for Android and iOS in the United States accessed in January 2018; Of the apps downloaded, 15 apps were Android-only, 14 apps were iOS-only, and 7 apps were available on both platforms. The apps were assessed over a series of two sessions while network traffic was captured during use, which allowed researchers to determine what personal information was in each data transmission and where the information was going.
The type of data sent to Google and Facebook consisted of a strong identifier to the device or a username (9 of 33 apps; 27%), or a weak identifier in the form of an advertising identifier or a pseudonymous profile that can link users to their behavior on the app and on other products and platforms (26 of 33 apps; 79%).
“As smartphones continue to gain capabilities to collect new forms of personal, biometric, and health information, it is imperative for the health care community to respond with new methods and processes to review apps and ensure they remain safe and protect personal health information,” the researchers concluded.
One of the investigators, Mark E. Larsen, DPhil, reported receiving grants from National Health and Medical Research Council. The other authors reported no relevant conflicts of interest.
SOURCE: Huckvale K et al. JAMA Netw Open. 2019..