With smartphone and wearable technology taking over our daily lives, health and wellness apps have grown in vast numbers. Consumers have been ecstatic with mobile health apps. There are fitness trackers, calorie counters, pedometers, sleep monitors, and everything in between, with the touch of a screen that conveniently fits in your pocket or on your wrist. Health matters – smokers can stop smoking, couples wanting to get pregnant can do so with the aid of an app, and weight loss and nutrition is manageable. A problem that has arisen with the increased production of these apps is: are they safe? We’re talking about privacy, folks. A study was done to find and address the mobile health security issues that consumers and app developers are facing today. They lay out the problem, and it’s our job to find the solution.
UK NHS Health Library conducted the cross-sectional study analyzing the data over 6 months with 79 apps (both Android and iOS) that claimed to be trustworthy and clinically safe. In short, what they discovered was that many health and wellness apps were sending personal info that was not encrypted. There is a potential for a “man-in-the-middle attack” - personally sensitive information being at risk for manipulation in the wrong hands. There’s a potential for consumers to be the victims of identity theft when much of their personal information is claimed “secure”. Certainly, the apps send out information and sell the data to third parties specifically designed for advertising – although not personally sensitive info. For instance, a smoking prevention app may suggest nicotine patches, etc. But in the wrong hands, your data can be used against you. This brings up the “doctor-patient” confidentiality - the apps being developed are by companies that are outside this standard. It could potentially be a huge risk for legal and liability issues. Sensitive information stored or sent insecurely is a concern that app developers need to address when individuals are hesitant to get a mobile health app because a lack of trust is present.
The study suggested that there is a weakness in design of these apps, which deems them untrustworthy. If certain principles and guidelines are followed in the creation of health and wellness apps, this can be avoided. Encryption of personal data is a must. As an eHealth app developer, you need to be aware of these risks to the individuals, otherwise who will buy your app if consumers are more aware of identity theft and manipulation of personal information than you are? As a consumer myself, I have a health app that tracks how many steps I take in a day and what foods I am eating. If they are sending out my personal information unencrypted (there’s a chance they certainly are) why would I want to keep using that app? In a world where cyber security is unavoidable, app developers need to take precautions for the sake of their individuals.
Solutions to establishing more trust between consumers and developers remain in managing the risks – creating guidelines to adhere to where data is encrypted and stored locally rather than going out to who knows where? Prevention of an attack by an unwanted outsider lies in the strength of design and encryption - protecting and maintaining privacy.
People want to be healthy; keep that in mind. We’d rather not see a decrease in mobile health apps, but trust is important in this day and age of neverending data. What will you do to help consumers? Go with the flow or swim upstream?
Don't forget to check out how to conduct mobile health app privacy impact assessment (PIA) before pushing your app to an app store.