Security and privacy of health apps

Tips to improve your safety and security around health apps

With new healthcare apps and devices being created every day, it's important to take care of how your personal health information is collected and used. On this page, you can learn about keeping yourself safe when using health apps.

Generally health apps are not covered by legal requirements to safeguard your data privacy and security, so you need to take steps to protect your personal information when using mobile health apps.

What are the risks?

Many health apps collect a range of personal information and have poor security. This means it's not always possible to control who accesses your data, when they access it, how they access it and whether you are informed about your data being accessed.

  • Your personal health data is unique, and includes personal information about you and your health.
  • If your personal health data is leaked someone might use it for their own gain. It could be used to cause you financial loss or harm to your reputation.
  • It is different from your financial data, which is better protected. For example, if your credit card number is stolen, you can block that number and have a new number issued.

Although apps may have a privacy policy that says they protect the privacy and confidentiality of your information, they may transmit that data unencrypted (not coded) and over unsecure network connections. This puts it at risk of being accessed by someone else. See What is a privacy policy? below.

Mobile applications, especially apps that you download for free, depend on advertising to make money. See Is your data being shared with a third party or advertiser? below.

Handy tips

Things you can do to improve your safety and security when using apps

  1. Research the app before downloading it. Look for user reviews and the privacy policy of the app, either through the app store or online.
  2. Read the privacy policy and terms of use. This should be listed in the App Store/Google Play Store and available before you download the app. Information about who your data is shared with should be made clear in the privacy policy. Note that the existence of a privacy policy does not necessarily mean your data will be private.
  3. Try to use apps without entering personal information, if that is allowed.
  4. Lock your phone with a PIN or password. If possible, set your phone to automatically lock when not in use.
  5. Treat a mobile phone as you would your computer – don’t click on suspicious or unknown links or attachments.
  6. Be suspicious if an app asks for data that is not related to its main use, or if it asks you for permission to access functions on your mobile that seem unrelated.
  7. Decide if an app really needs access to your location, contacts, calendar, etc before you give it permission to access them.
  8. If you stop using an app, delete it. If the app allows, delete your account and other data.
  9. Avoid texting or emailing sensitive information unless you are using a secure system.
  10. Give feedback on the app developers especially if you’ve been pestered by third parties or advertisers.
  11. If you’re technically savvy, you may be able to view application logs or audit files to confirm that the app is doing what it says it is and not anything it shouldn’t be.
  12. For web apps, try to use those that have the prefix https instead of http. The 's' in https means the connection between your device or browser and the remote system is encrypted (or coded), which helps to significantly reduce the risk of a third party ‘eavesdropping’ on your connection and stealing your data.

More useful information

What is a privacy policy?

The privacy policy sets out how an app uses and protects any information that you give to the app owner while using the app. A clear privacy policy can tell you what permissions an app requires before you download it, such as geo-location, book, camera, phone call and contacts access. If you are not comfortable with an app that is asking for many permissions, you should avoid downloading it.

Is your data being shared with a third party or advertiser?

Mobile applications, especially apps that you download for free, depend on advertising to make money. They may share personally identifiable information about you with advertisers, or allow ad networks to track you. Almost all apps send non-personal data about how you use an app to data analytics services. If an app collects your universal device ID (UDID) or embeds a unique ID in the app, analytics data can be tracked back to you personally. 

Where is your data stored – on your device or in the cloud? 

The information your mobile app stores may be stored temporarily while it does its processing, or the data may be persistent, in order to build up a history.

  • Temporary data is usually stored on your device, either on the phone itself or on a removable media (SD) card. 
  • Often this temporary data will be associated with something an app can do, even when you’re not connected.
  • In many cases even though the app has used the data and no longer needs it, it will not delete the data. You can usually clean this up in your phone’s settings by clearing the cache.
  • Persistent data may also be stored on the phone itself or on an SD card connected to your phone. However, apps often also send data to the internet to be stored in the cloud. Once the data has left your phone, it may be impossible to control how it is shared and whether it can be deleted once it is no longer useful to you.

Learn more

The following resources have useful information on how to keep yourself and your family safe online.

Staying safe online – 2018 quick reference guide Advice, tips and how-to guides for social media, online shopping, safe search and more. Netsafe, NZ, 2018

Five ways you can stay smart online Australian Digital Health Agency

References

  1. A deep dive into the privacy and security risks for health, wellness and medical apps iapp.org, 2015
  2. Security and privacy analysis of mobile health applications: the alarming state of practice IEEE Access, 2018
  3. Security and privacy issues related to the use of mobile health apps Australasian Conference on Information Systems, 2014
  4. Mobile health applications put millions of users’ privacy and security at risk, researchers find Cost, Australia, 2018
Credits: Health Navigator Editorial Team. Reviewed By: Alan Holmes, domain architect, healthAlliance Last reviewed: 25 Aug 2018