New Study Highlights Privacy Challenges in Mobile Health and Fitness Apps

Mark W. Brennan

Washington, D.C.

02 August 2013
The Privacy Rights Clearinghouse (“Clearinghouse”) recently released a study funded by the California Consumer Protection Foundation examining the potential privacy risks of mobile health and fitness apps.  The study analyzed 43 popular health and fitness apps (free and paid) to identify potential privacy issues based on the data collected, stored, and transmitted by those apps.

Overall, the study found that 26% of the free health and fitness apps and 40% of the paid apps had no privacy policy at all.  For the apps that had privacy policies, the study found that some of the policies were not always accurate in describing the apps’ technical processes.  Free apps were also more likely than paid apps to make user data available to third parties.  In addition, the study found that 13% of free apps and 10% of paid apps “encrypted all data connections and transmission” between the app and the developer’s website(s).

In addition to the study, the Clearinghouse issued a “how to” guide for mobile app developers that lays out a list of best practices for building privacy into mobile apps.  Among other suggestions, the guide recommends that developers avoid unencrypted (http) connections to transmit data from the app and instead utilize an encrypted (https) connection.  The Clearinghouse also recommends the use of privacy policies that clearly inform users of what data is being collected and what it will be used for, suggesting that the best way to do this is through contextual pop-up notices.

The release of the study is a reminder that app developers and other members of the mobile wireless ecosystem should review their existing data privacy and security practices for compliance with applicable Federal and state laws, especially as they deploy new consumer-oriented services.  For example, making sure that privacy notices are in place and updated to reflect current activities and data practices can help decrease the risk of consumer confusion, regulatory enforcement, and potential litigation.

Special thanks to Arielle Brown for her assistance with this entry.
