Using an health app in your mobile phone? Be cautious as some health apps may be sending unencrypted personal and health information to other online services, putting users at risk.
According to researchers, most of the app that have been clinically-accredited by the British National Health System (NHS) may not have been complying with principles of data protection.
"Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk," said lead researcher Kit Huckvale from Imperial College London.
The team from Imperial College London and Ecole Polytechnique CNRS, France, reviewed 79 apps that were listed on the "NHS Health Apps Library" in July 2013 and are available on Android and iOS platforms. The apps covered health areas such as weight loss, alcohol harm reduction, smoking cessation and long-term condition self-care.
The apps were assessed over a six-month period by inputting simulated information, tracking the handling of this information and looking at how this agreed with any associated privacy policies. Of the apps reviewed, it was found that 70 of the apps transmitted information to online services and 23 of those sent identifying information over the internet without encryption. Four apps were found to be sending both identifying and health information without encryption.
"The results provide an opportunity for action to minimize the risk of a future privacy breach," Huckvale noted.
It is estimated that 1.5 billion smartphone users have a health app installed and this number is set to treble in the next three years. Britain's NHS Health Apps Library is a curated list of apps for patient and public use. Registered apps undergo an appraisal process that examines clinical safety and compliance with data protection law. The research was published in the open access Journal BMC Medicine