Are you planning to download the stylish looking new health app from Google’s Play Store or Apple’s App Store? Well, you should be a bit careful then. After all, the app you are downloading for keeping a track of the medicines might be sharing the data with a host of companies. In fact, some of the companies with whom the data is being shared are not related to the healthcare industry at all.
Researchers ran two dozen medication apps on their own pace by using a fake identity, in order to see what was being done with the data. The survey result revealed the sharing of data was a common procedure and far from transparent.
The head of the research, Quinn Grundy, an assistant professor in the faculty of nursing at the University of Toronto, stated that the crucial finding from the study is that health-related data is extensively shared with companies that have nothing to do with health.
Grundy stated that it’s a violation of privacy that is not only shameful but could also affect the lives of people in great ways, just as the credit score does. Grundy’s team tested 24 top-rated publicly available medication apps devised to work on Android phones in the UK, Canada, the US, and Australia. The interactive apps offered information about medication dispensing, administration as well as on usage.
After downloading each app to a smartphone with one of four fictional users, the researchers ran each app 14 times to see its “normal” network traffic associated to 28 types of user data, which includes Android ID, user’s birthday, email, and precise location.
After that, one source of user information was changed and the app again ran again, to find disclosing of sensitive data sent to a remote server outside the app. Companies which received sensitive user data were then recognized by their IP addresses, permitting the researchers to analyze their websites and privacy policies.
In total, the data were shared with 55 unique organization owned by 46 parent companies – which include developers, parent companies, and service providers, many of which were involved in collecting user data for analytics or advertising.