University of Toronto Study: Health Apps Share Data w/Third Parties

A new study out of the University of Toronto, published in The BMJ on Wednesday, highlights privacy issues around health apps by examining how medicine management apps share personal user data. The researchers found that most of the apps they tested shared sensitive information like medical history and demographics with third parties.

The study can be found at:

I reached out to cybersecurity experts from Tripwire and they provided the following comments:

Tim Erlin, VP, product management and strategy:

“Data sharing in health apps is just the tip of the iceberg. The reality is that consumers have little to no visibility into how their data is shared, yet data is the currency of most of these apps. Visibility is just a start, however. Consumers should have control over how and when their data is shared.”

Lamar Bailey, senior director of research:

“Although it is well known and documented that apps use customers’ data as a currency, it is particularly troubling when that data includes sensitive information such as medical records and health metrics. The wealth of information that health apps collect and store can be an appealing target for cybercriminals. It is paramount that these apps clearly state in their registration process if they plan to divulge their customers’ information to third parties, so that subscribers are able to opt out. All too often, the usage terms on usage are buried in the user agreement and the only way to opt out is to not use the app.”

What’s needed here is a lot of transparency by the writers of these apps. And if that doesn’t work, I’d be fine with laws being drafted to address this issue.



Leave a Reply

%d bloggers like this: