Privacy “Fail” for Popular Health Apps

Privacy Rights Clearinghouse’s recent study found that many health and fitness apps are lacking on the privacy front. The report evaluated 43 paid and free apps in the health and fitness categories on Google Play and Apple’s App Store. The privacy-focused non-profit discovered that many of these apps lacked privacy policies, failed to encrypt data and failed to notify users that data is transmitted to third parties. “Given the often sensitive nature of health data stored on wellness apps, which can range from weight loss trackers to blood glucose monitors, apps used for health purposes should be adhering to a much higher standard of privacy and security protection,” said Beth Givens, founder and director of PRC.

According to the report:

  • 13 percent of free apps and 10 percent of paid apps encrypt all data connections and transmissions between the app and the developer’s website.
  • 39 percent of free apps and 30 percent of paid apps send data to someone not referenced by the developer in the app or privacy policy.
  • 26 percent of free apps and 40 percent of paid apps did not have a privacy policy.
  • 43 percent of free apps and 25 percent of paid apps provided a link from the app to a privacy policy on the developer’s site.

Perhaps if these developers had used PRC’s best practices for mobile apps, these apps would have received a better grade!



App Quality Alliance’s Privacy Guidelines

The App Quality Alliance (AQuA) has updated their mobile application development Best Practice Guidelines to incorporate consumer privacy-focused recommendations. The update is designed to help mobile developers address topics such as “users’ rights, location data, and information security and accountability.”

Working directly with the GSM Association (GSMA), AQuA takes a privacy-by-design approach in the guidelines: “The Best Practices are what you can use when you’re designing your application, and trying to work out how you should some of these aspects so you can avoid any errors in the early design stage.”


Rep. Hank Johnson Introduces The “Apps Act”

Rep. Hank Johnson (D-GA) introduced the “Apps Act,” a bill that would require developers to have privacy policies detailing their data sharing practices. Developers would also need to obtain consent from consumers before collecting data and securely maintain the data they collect. The proposed bill is based on AppRights, the Congressman’s online effort to build mobile privacy legislation from the bottom up. “These engaged citizens also wanted simple controls over privacy on devices, security to prevent data breaches, and notice and information about data collection on the device,” Johnson said when officially announcing the bill at yesterday’s State of the Mobile Net Conference. “The Apps Act answers the call.”



California Attorney General Speaks About Mobile Privacy

At yesterday’s workshop titled “Future of Privacy + Innovation,” held at U.C. Hastings, participants heard from thought leaders on the evolving privacy space for app developers. California Attorney General Kamala Harris spoke to the audience about the need to balance consumer privacy and innovation while finding new ways to innovate on privacy: “Let’s not stop the innovation. I don’t want to shut it down…But what we do have to do is give the user information, and let the user, not anyone else, make the choice about the trade off.” The AG urged developers to give consumers the appropriate “tools” to let them make choices regarding uses of their information. Ultimately, developers need to be aware of the legal and privacy requirements they must fulfill when building apps.


California AG & UC Hastings’s Privacy Project Present “Future of Privacy + Innovation” Workshop

The California Attorney General and UC Hastings’s Privacy and Technology Project are holding a workshop, “Future of Privacy + Innovation,” for app developers in California. Participants will hear from thought leaders at the intersection of technology, entrepreneurship, and policy, on the future of privacy and innovation. The Workshop will cover the evolving privacy space for application developers as we strive to balance consumer privacy and innovation, and find new ways to innovate on privacy.

The workshop will be held on Wednesday, April 10th.


Apple Announces No More UDIDs

Apple stated on its developer blog that starting May 1st, “the App Store will no longer accept new apps or app updates that access UDIDs. Please update your apps and servers to associate users with the Vendor or Advertising identifiers introduced in iOS 6.”

In August 2011, Apple announced that it would phase out third party use of UDIDs. Third party app developers were instructed to stop tracking iPhone, iPod Touch, and iPad users by the unique identifier number attributed to each of its devices and instead create their own unique identifiers. Apple provided the Advertising Identifier, an alternative to the UDID, when it released iOS 6 last September. The recent Apple iOS 6.1 update included the option to reset this “non-permanent, non-personal, device identifier” feature, which is located below the Limit Ad Tracking feature.

As Gigaom notes, by May 1st the Advertising Identifier will have been available for eight months, “plenty of time for those who want to understand how their apps are being used to switch over to the new system.”


Google+ Platform’s New “Application Sign-In”

Google has added a new feature to their Google+ platform: application sign-in. As stated on their developer blog, “whether you’re building an app for Android, iOS or the web, users can now sign in to your app with Google, and bring along their Google+ info for an upgraded experience. It’s simple, it’s secure, and it prohibits social spam. And we’re just getting started.”

Depending on the permissions that the app requests and the user chooses to authorize, mobile and web developers can accept Google sign-ins and gain access to Google+ social sharing. According to CNET, “aggressive sharing” – sharing items with specific Google+ users that appear in their public streams – requires affirmative user consent. We look forward to learning more about this new feature as developers integrate the Google+ sign-in with their apps – stay tuned!



No Love From Us For New Private Locker App

Just in time for Valentine’s Day, a developer released a new iOS app that hides your private photos and videos from prying eyes. We are always excited by the prospect of privacy-friendly apps, but we are disappointed by the app’s lack of transparency. The developer of the ironically named Private Locker for Photo and Video posted no privacy policy in the app store, within the app or on the developer’s website. Though we assume the app simply creates a protected folder on your phone, there is no way to know whether data is sent back to the developer in Thailand. And as the app asks for location and sends data to ad networks, would it be too much to ask for some brief privacy info?



Star Trek App Uses Sensory Data

Named after the upcoming Star Trek film by director J.J. Abrams, “Star Trek Into Darkness” is one of the first apps available in the US to utilize Gimbal’s new “context awareness platform.” Developed by Qualcomm Labs, Gimbal “expands the ecosystem of offerings that are turning the smartphone into the new digital ‘sixth sense,’ opening up new ways for app developers, service providers, brands, agencies and other industries to offer contextualized utility and new user experiences.” The Star Trek app is a great example of how apps are now starting to use a wider range of sensors.

Furthermore, Gimbal keeps privacy in mind by making its platform opt-in, as well as requiring that the user “explicitly allow applications to access the data collected by Gimbal, all of which is stored directly on your device, rather than in the cloud.” That way, users won’t scream “KHAAAN” when the app uses their data!




BlackBerry’s New Privacy Notice System

BlackBerry has rolled out a new privacy notification service that issues notices to app developers and consumers anytime it finds a BlackBerry World app that “does more than consumers might think.” As stated on their website, “Privacy notices are for applications that do not appear to have malicious objectives or aim to mislead customers, but rather don’t clearly or adequately inform users about how the app is accessing and possibly managing customers’ data. These notices provide information about an application’s behavior in order for customers to make an informed decision about whether to continue using the app. In addition, privacy notices will provide information on how to remove the application, if a customer determines that’s the best course of action for them.”

We have reached out to the folks at BlackBerry regarding the details of this service and are excited to learn more. Stay tuned!




