Privacy advocates call out mobile health developers for ‘abysmal’ security protections

Health and fitness apps are blowing up. But before you download one, you might want to do a little digging into its privacy and security policies.
According to a study released Tuesday by the San Diego, California-based Privacy Rights Clearinghouse, many of the most popular wellness apps carry privacy risks for users. The report, which evaluated 43 free and paid apps, found that many apps lack privacy policies, send information without encryption and transmit user data to third-parties (like advertisers, ad networks and analytics companies) without informing users. In some cases, the report said, personally identifiable information (PII) was sent to third parties in the clear.
“Data security and privacy – from a technical standpoint – is abysmal,” said Beth Givens, founder and director of the privacy-focused non-profit.
Privacy and security issues are hardly confined to health and fitness apps. But given the often sensitive nature of health data stored on wellness apps, which can range from weight loss trackers to blood glucose monitors, apps used for health purposes should be adhering to a much higher standard of privacy and security protection, Givens said.
For its report, the Clearinghouse focused on the top 20 paid apps in the health and fitness categories in Google Play (s GOOG) and Apple’s (s AAPL) App Store, as well as 23 of the most popular free wellness apps on both platforms. While the Clearinghouse chose not to name the apps in its report, some of those apps could have included Nike+ Running, Runkeeper, Lose It! and WebMD.
According to the report:

  • 13 percent of free apps and 10 percent of paid apps encrypt all data connections and transmissions between the app and the developer’s website.
  • 39 percent free apps and 30 percent of paid apps send data to someone not referenced by the developer in the app or privacy policy.
  • 26 percent of free apps and 40 percent of paid apps did not have a privacy policy.
  • 43 percent of free apps and 25 percent of paid apps provided a link from the app to a privacy policy on the developer’s site.

Not surprisingly, paid apps – which don’t rely on advertiser dollars and therefore depend less on tracking data – were found to be more secure than free apps. In addition to suggesting that people select paid apps over free ones, the Clearinghouse recommends that users do more research before downloading apps. For mobile app developers, the non-profit released a dedicated report on how to reduce security and privacy risks for users.
The report comes on the heels of another study earlier this month revealing that some major health websites, including, Men’s Health and the health sections for the New York Times and Fox News, are sharing users’ health searches with third parties. According to the New York Times, concern about user privacy on health sites led Lisa Madigan, the attorney general of Illinois, to open an inquiry into the data-mining practices of popular sites. Last week, she reportedly sent letters to eight sites, including,, and, asking for information on their data collection, storage and sharing practices.