Security and privacy of health apps

  • Tips to improve your safety and security around health apps.
  • With new healthcare apps and devices being created every day, it's important to take care of how your personal health information is collected and used. On this page, you can learn about keeping yourself safe when using health apps.

Many health apps collect a range of personal information and have poor security. This means it's not always possible to control who accesses your data, when they access it, how they access it and whether you are informed about your data being accessed.
  • Your personal health data is unique, and includes personal information about you and your health.
  • If your personal health data is leaked, someone might use it for their own gain. It could be used to cause you financial loss or harm to your reputation.
  • It is different from your financial data, which is better protected. For example, if your credit card number is stolen, you can block that number and have a new number issued.

Although apps may have a privacy policy that says they protect the privacy and confidentiality of your information, they may transmit that data unencrypted (not coded) and over unsecured network connections. This puts it at risk of being accessed by someone else.

Tips to improve your safety and security around health apps 
Research the app before installing it

Research the app developer before you install the app. The app developer's name is usually in the 'Read more' section of the app summary in the app stores. Check if the developers have a valid website and if they seem credible. Also look for user reviews and check if other people have complained about issues with security and privacy, including being pestered by third parties or advertisers. If in doubt, leave it out: do not download the app.
Read the privacy policy and terms of use 

This should be listed in the App Store/Google Play Store and available before you download the app. Information about who your data is shared with should be made clear in the privacy policy. If you are not happy, don't use the app.
Note that the existence of a privacy policy does not necessarily mean your data will be private.
Avoid signing up to apps with your Google or Facebook account 

Your information could be shared through these parties. When signing up, do not use a name that identifies you - use a false name. Keep your personal email safe by creating a ‘junk’ email address which you only use for signing up online. Also, try to use apps without entering personal information, if that is allowed.
Be aware of permissions 

Be suspicious if an app asks for data that is not related to its main use, or if it asks you for permission to access functions on your mobile that seem unrelated. Decide if an app really needs access to your location, contacts, calendar, etc. before you give it permission to access them.
Be careful when sharing sensitive information

Avoid sharing your name and any personal information unless you are using a secure system.
Lock your phone 

Locking your phone with a PIN or password is one of the best ways you can protect your data. If possible, set your phone to automatically lock when not in use.
Be careful when clicking on links
 
Don’t click on suspicious or unknown links or attachments. Treat your mobile phone as you would your computer.
Delete apps you are not using 

If you stop using an app, delete it. If the app allows, delete your account and other data.

Give feedback 

Send your feedback to the developers and the app stores if you have been pestered by third parties or advertisers.

The privacy policy sets out how an app uses and protects any information that you give to the app owner while using the app. A clear privacy policy can tell you what permissions an app requires before you download it, such as geo-location, book, camera, phone call and contacts access. If you are not comfortable with an app that is asking for many permissions, you should avoid downloading it.

Mobile applications, especially apps that you download for free, depend on advertising to make money. They may share personally identifiable information about you with advertisers, or allow ad networks to track you. Almost all apps send non-personal data about how you use an app to data analytics services. If an app collects your universal device ID (UDID) or embeds a unique ID in the app, analytics data can be tracked back to you personally. 

The information your mobile app stores may be stored temporarily while it does its processing, or the data may be persistent, in order to build up a history.

  • Temporary data is usually stored on your device, either on the phone itself or on a removable media (SD) card. 
  • Often this temporary data will be associated with something an app can do, even when you’re not connected.
  • In many cases even though the app has used the data and no longer needs it, it will not delete the data. You can usually clean this up in your phone’s settings by clearing the cache.
  • Persistent data may also be stored on the phone itself or on an SD card connected to your phone. However, apps often also send data to the internet to be stored in the cloud. Once the data has left your phone, it may be impossible to control how it is shared and whether it can be deleted once it is no longer useful to you.

The following resources have useful information on how to keep yourself and your family safe online.

New Zealand
Staying safe online: advice, tips and how-to guides for social media, online shopping, safe search and more. Netsafe, NZ
How to improve your online privacy and security. Netsafe, NZ
App guidance. Privacy Commissioner, NZ
e-Learning privacy online. New Zealand Privacy Commission

Other
Security Tip - privacy and mobile device apps. Cybersecurity and Infrastructure Security Agency (CISA), US
Understanding mobile apps. Federal Trade Commission, US
Five ways you can stay smart online. Australian Digital Health Agency
mHealth app guidelines. Joint AMA/Xceria, US
Mobile security. Communications Security Establishment, Canada
Identity 101. Canadian Cyber Security Centre, Canada


Credits: Healthify Editorial Team

Reviewed by: Alan Holmes, Domain architect, HealthAlliance
