The data you share with health apps or apps in general is supposedly under lock and key, but how certain are you that your confidentiality isn’t at risk? 

Unbeknownst to you, in many cases that data is shared with someone else: Google, Facebook Inc or other third party apps.

Remember the spring of 2018? The much hyped Facebook scandal which almost gave some politicians and other influencers a cardiac arrest?

In pieces published by the New York Times and the Guardian, it was brought to the attention of the public that their sweetheart social media platform had given a political consulting firm ‘Cambridge Analytica’  access to the data of around 87 million users without their consent. 

This harrowing experience shook everyone to the core and this sharing of information and breach of privacy put Facebook’s credibility in serious doubt.

Feeling Insecure all of a sudden?

Let’s talk about it in depth and understand how it’s done and how it can be avoided. We are all pretty much aware of Facebook’s notoriety and data stealing shenanigans. Let’s dig deeper anyway.

This data collection and stealing process begins right after a user registers.

You’ll be amazed to know that it isn’t just limited to users. Facebook account or not, the social media giant likes keeping tabs on everyone. Chances are it knows you. This was revealed in a study and test by The Wall Street Journal

The study also revealed that the apps often share this data without any prominent or specific disclosure.

This wouldn’t be the first time albeit, there are many scenarios and scandals that involve apps sharing data with the giants of Silicon Valley.

But what happens to our data?

The wall street journal findings in depth

The study was shared and published in the beginning of this year. If you’re active, you must have heard it in the news.

The Wall Street Journal found out that certain health apps were sharing user information with Facebook. Some of these apps included period-tracking app, a heart-rate monitoring app and a home buying app.

According to the WSJ report, apps besides the Facebook’s ecosystem can and do share user data with the company to make it easier to reach existing and new users on the platform through ads.

Another privacy-violating aspect highlighted by this report was that health and fitness apps shared data ranging from diet and workout activities to a user’s ovulation cycle and pregnancy (Imagine that!).

It further added that Facebook receives data from various kinds of apps. At least 11 out of 70 renowned apps, as tested by the Journal, sent potentially sensitive information to Facebook.

Another study revealed that around 29 out of 36 mental health apps (not named in the public release) were sharing data with Facebook as well as Google for advertising or analytics purposes.

Chances are, your favourite app really is more concerned with making a buck out of your data.

How is the data sent?

This potentially sensitive data was sent using SDK, Facebook’s software-development kit, which helps developers integrate certain features into their apps.

Facebook’s SDK provides analytical service to these developers to help understand the user trends.

The TechCrunch Report

In January this year, TechCrunch also added a report highlighting the same issue. Facebook had paid teenagers to install an application. This app allowed the company to collect all smartphone and internet activity. In other words, Facebook had distributed an application that was only meant for employees to test apps prior to their release. Owing to the very reason, Apple then annulled some of the developer privileges from Facebook.

These apps included the period-tracking app Flo Period & Ovulation Tracker.

Another study actually then revealed the names of some of those apps:

  • Skyscanner
  • TripAdvisor
  • Instant Heart Rate: HR Monitor
  • And MyFitnessPal

These are the ones you know now, but how many apps exactly are sharing your data? One cannot even begin to fathom.

Third-Party Sharing

Let’s talk about user data and third-party sharing.

According to a study published in the British Medical Journal, researchers ran an analysis tool several times using different user profiles to determine what kind of user data was being leaked when the app was in use, and who it was leaked to.

Results were astonishing. As many as 19 of the 24 apps shared data outside of the app with a total of 55 entities further owned by parent companies. 

The information sharing involved users’ emails and device ID to drug lists and medical conditions. Some data was also shared with the apps’ parent companies. Third party data was shared with the reporting tools, which help the product perform.

Guess who received highest volumes of data?

Amazon and Alphabet, the parent company of Google, followed by Microsoft.

But… But this is mobile advertising!

In response to this revelation of breach of privacy, a Facebook spokesperson told CNBC and I quote,

“Sharing information across apps on your iPhone or Android device is how mobile advertising works and is an industry standard practice. The issue is how apps use information for online advertising. We require app developers to be clear with their users about the information they are sharing with us, and we prohibit app developers from sending us sensitive data. We also take steps to detect and remove data that should not be shared with us.”

The question is, do they? The scandal last year says otherwise. Perhaps our trust in everything web-related is misplaced.

Smartphones and Privacy Spectrums

Apple or Android?

The privacy factor depends a lot on the kind of smartphone you’re using, where you live and how cautious you are. Apple’s iPhone health apps are reviewed for privacy concerns before they’re added to app store-so there’s a layer of protection built in for users. On the other hand, being an Android user you are more at risk.

Not so long ago, German researchers did a detailed analysis of 60 different Android health apps and found out that none of them practiced informing users about privacy.

In other words, you probably aren’t aware of what you’re agreeing to when you type in personal information and agree to random pop-up notifications.

Cherry on top? A number of fitness apps don’t have a privacy policy at all?

Trust or not to Trust?

I don’t know about you but I am very disappointed in my health app and

if Hamlet was a millennial his concerns would be the same as yours and mine, not his deceitful uncle. 

The only solution to this data-sharing issue is to verify that an app has a privacy policy. How often do you check or read it thoroughly?

However, all you can do is check where exactly is your data going before you become a devout and try sticking to apps with trustworthy sources like health care providers and the government.