Free Health Apps, Search Keywords Are a Threat to Privacy: Report

Free health and fitness applications were more of a threat to privacy than paid apps, according to a report from Privacy Rights Clearinghouse.

Privacy Rights Clearinghouse (PRC), a nonprofit focused on consumer privacy, has released a study showing that mobile health and fitness apps threaten a user's privacy with search loopholes and a lack of encryption.

Paid health apps had a lower risk than free apps of violating privacy because they require advertising for revenue, according to the report, "Technical Analysis of the Data Practices and Privacy Risks of 43 Popular Mobile Health and Fitness Applications," unveiled on July 16.

With less of a need for advertising, paid apps are less like to share data with third parties, said Craig Michael Lie Njie, founder and CEO of Kismet World Wide Consulting, who carried out the study between March and June 2013. The California Consumer Protection Foundation funded the project.

"Paid apps do not have a lot of advertising embedded," Lie Njie said. "They were just providing the core functionality because the people paying for the app are the ones driving the revenue stream," Lie Njie told eWEEK.

The free apps drive advertising with keywords that could draw on the user data, he suggested.

Developers of free mobile software are "basically delivering the apps so they can provide advertising and analytics to a third party, and that's where the revenue stream comes from," Lie Nijie said. "Those kinds of technologies are generally the more privacy invasive."

In a paid app, advertising and revenue models are more closely aligned with consumers, he noted.

Still, even though paid health apps tended to be more secure than free apps, paid apps also pose a danger to privacy, according to Lie Njie. Developers of paid apps sent data to their servers in the clear using HTTP, he noted.

A privacy risk found among the apps was the tendency to use HTTPs over HTTP, according to Lie Njie.

Many health apps transmit unencrypted data and connect to third-party sites without a patient's knowledge, PRC reported.

For his technical evaluation, Lie Njie studied mobile apps that aid with diet and exercise, pregnancy, behavioral and mental health. Apps included symptom checkers and relaxation aids as well as those that help people manage chronic conditions.