Wearable devices and fitness apps …. and privacy risks

August 11, 2014 |

Wearable fitness, health devices are becoming de rigour wear for the health conscious and for those who keen to know their personal rhythms.  As the article Tech giants gambling on health technology makes clear, it is also big business.  These devices and apps involve an almost continuous data stream of personal information.  The privacy issues are obvious but poorly regulated in Australia and beyond.

The article provides:

When pharmacist Thuan Vuu plays basketball, he laces his feet into a pair of Nike Hyperdunk+ shoes fitted with a sensor that sends data to his iPhone. He can see how far he’s run and how high he’s jumped, and by setting himself goals – he aims for at least two kilometres per game – he can not only play to win, but also have a benchmark for a successful workout.

The trim and cheerful 29-year-old from Fairfield, Sydney, also has a Fitbit activity tracker, which measures steps taken, calories burnt and movement during sleep. His phone’s SleepBot app records sleeping activity, a Wahoo cadence meter reports how hard he pedals his pushie, and an Adidas miCoach chest strap and foot pod log his heart rate, step pace and G forces while training.

He logs his spending on YouNeedABudget.com and has bought the Meitrack device for his car to track his driving habits. He weighs himself on Aria Wi-Fi smart scales – and lost six kilograms by noting and varying his diet – and is thinking of buying the Cue at-home lab kit, which tests for five factors including vitamin D levels.

Vuu shows me his Withings Pulse, a device that can be worn like a watch. He places his finger on its sensor, and after a pause it flashes 71bpm for his heart rate, and 99 per cent for his blood oxygen level.

 ‘‘That’s pretty high,’’ he says of his heart rate, confessing he’s not yet found a use for his blood oxygen level. ‘‘When I wake up it’s 55 to 60. The higher the pulse, the more stressed you are. By putting a number to it you get more understanding of it.’’ He uses the information to see how hard he’s working out, and if he needs to up the intensity. It’s also given him an insight into his general level of health – he sees a lot of sick people as a pharmacist and wants to stay well.

Vuu has a long way to go with his about $1000 of gear before emulating American Chris Dancy, who has up to 700 systems recording data about himself, including a smart mattress cover, or graphic designer Nicholas Felton, who produces an annual report of his life. But they are all part of a movement called lifelogging, where people record aspects of their lives, helped by specialist tech becoming cheaper and more powerful.

Microsoft researcher Gordon Bell began a project called MyLifeBits in 2004 where he digitally stored ‘‘a lifetime’s store of everything’’, including pictures taken automatically from a camera worn around his neck, with everything searchable. He says there are different kinds of lifelogging, with visual or audio capture at the ‘‘extreme’’ end, then professional logging, for example, recording all web pages visited with Evernote, and personal logging the use of social media.

Wearable cameras such as Autographer and Narrative Clip, which clip to your clothes and take snaps every 30 seconds or so, took another decade to hit the market. British designer Lulu Guinness launched a $1250 handbag with in-built automatic camera on July 30. The privacy implications could be considerable, especially if married with the NameTag app, which developers want to release here –  they say it can retrieve someone’s public online presence from one picture. Vuu has ordered a photo logger called Parashoot, which takes a picture every minute – he thinks it’ll be a handy hands-free camera on holidays. Bell says visual logs can help people with fading or impaired memories to recall events – the MemeXerciser system, designed at Carnegie Mellon University in America, is a ”cognitive coach” for Alzheimer’s sufferers.

The privacy problems are set out by the Privacy Rights Clearinghouse in Mobile Health and Fitness Apps: What Are the Privacy Risks? which provides:

 The health-tracking wearable technology Vuu adopted has been more hype than hit to date, with just 2.9 million devices sold worldwide in the first quarter of the year, compared to 300 million smartphones. Now Apple is said to be gambling big on the concept, with more than 10 health-linked sensors rumoured for its new watch due for release this year.

Vuu is a member of the Sydney Quantified Self group, the local chapter of a global group at the vanguard of using self-tracking for self-improvement, so the gadget fan doesn’t mind spending six hours a week reviewing his data. But to hit the big time, health lifelogging surely needs to be easier to use.

‘‘The convenience factor drives the adoption,’’ says MIT graduate Peter Klement, co-founder of the Sydney-based iHealth4Me startup, which aims to turn data into health recommendations, like a computerised personal health coach. ‘‘The core piece is the analytics.’’ He says the challenge has been working out how different factors work together – he tells how research is showing DNA sequencing can indicate the best type of exercise – and says a limited test will begin in about September. Klement thinks most of their clients will be corporate: there’s interest from Medibank, and he thinks HR departments may use it to see if health investments they make such as gym memberships are paying off.

Mike Halligan and personal trainer David Banks, from Melbourne, co-founded the BodyWise app, which provides health guidance based on information from Fitbit and the Jawbone wristband.

‘‘If you give this data to a personal trainer they’ll be able to recommend dozen of things, all based on things that are quantifiable and put into a formula,’’ Halligan says. ‘‘Why not have an app that can do the same thing, scientifically and medically based, at a point they need it?’’

BodyWise can make 40 recommendations, including hydration tailored to the intensity of your workout, or make a judgment on how many carbs you’re eating based on your activity. Could it replace a personal trainer? ‘‘Yes, in some ways, in others it complements them – they might see a client for 90 minutes each week, and the rest of the time have no control over them.’’ Research into health tracking shows interesting results.

Professor Judy Kay, from the University of Sydney’s school of information technology, says the gadgets are more than just boys’ toys, though. “I would expect wearables would appeal to women at least as much as men – given the uptake of other ways to enhance health – if they’re easy to use and to wear, like the Fitbit.”

Kay says people who share data tended to record more steps on their Fitbit. She suggests such behaviour could be innate: ‘‘I don’t know if you’ve seen an average primary school classroom but gold stars work really well. You’ve got four teams and if you do something really good the team gets a star. We’re not so different from our kids.’’

Vuu has a soccer-playing mate who runs twice as far as he does during basketball: ‘‘In a way you do get envious. You’re seeing and comparing if you’re doing as much work as others.’’

Kay says she feels “cheated” if she forgets to wear her Fitbit when she goes for a walk. “Ten thousand steps that didn’t get counted!’’ Turning tasks into games can help people who have suffered a cardiac event stick to a health regime, for example. Kay – who thinks health tracking will go mainstream – says she’s surprised how addictive it can be.

Clinical psychologist Leslie Posen, from Melbourne, measures his blood glucose and heart-rate levels several times a day, and is about to buy wearables that will track other body functions, such as breathing. He uses the information to help him focus and perform better.

‘‘As the idea says, you can’t manage what you can’t measure,’’ he says. Posen now measures how his patients feel, rather than asking them to estimate it themselves.

‘‘We’re going to undergo a paradigm shift in how we practise over the next 10 years. We change technology and sometimes unwittingly the technology changes us.’’

Bell predicts the main use of self-tracking will be in recalling the past. He says the question to ask is: Will lifelogging give you a gain? ‘‘The financial costs are generally so low that the big costs are human time costs.’’ He was due to meet a new puppy later that day, and would use his Basis activity tracking watch to test whether it helped lower his heart rate, as puppies are supposed to.

The report provides:

1. Introduction

Mobile applications (apps) are entering the market for smartphones and tablets at such a pace that numbers become outdated almost as soon as they are published. To put it in perspective:

  • In June 2009, the Apple App Store offered 50,000 apps; by June 2013, there were 900,000 apps available, with 375,000 of them native to the iPad.
  • Google Play is expected to pass the 1 million mark as of June 2013. In March 2009, as Android Market, it had 2,300 applications.
  • Just over 50% of U.S. cell phone users now have smartphones, and that number is expected to rise to 79% by 2017.
  • As of December 2012, about 50 million people in the U.S. owned a tablet.

Mobile is the consumer technology of the moment. The number of applications available to mobile device users appears set to continue its exponential growth. The Privacy Rights Clearinghouse decided to look at the information practices of one category of mobile apps in which the sensitivity of personal information is particularly significant—those that fall under the broad heading of health and fitness. Most of the information in this fact sheet comes from that study, which was funded by a grant from the California Consumer Protection Foundation.

We analyzed 43 health and fitness apps (23 free and 20 paid) on the Apple iOS and Android platforms, and highlight the major consumer privacy risks in this guide. This guide also provides tips for users deciding whether to download an app and how best to take advantage of health and fitness apps while protecting your personal privacy.

2. What are health and fitness apps?

Mobile health and fitness apps comprise a significant segment of the app universe.  In fact, there are so many different types of applications in the health and fitness space that it’s difficult to categorize them. This Fact Sheet focuses on what we consider “wellness” apps, for consumer use.  It does not focus on applications that integrate with medical treatment or are intended for health professionals.

Wellness apps include those that support diet and exercise programs; pregnancy trackers; behavioral and mental health coaches; symptom checkers that can link users to local health services; sleep and relaxation aids; and personal disease or chronic condition managers.

Some apps are interactive, and others are informational. Consumers use some to participate in a program, and others to look up information about diseases or medications, nutritional values of restaurant food, horoscopes or baby names, to highlight just a few examples. A number of apps are simply mobile magazine subscriptions for health and lifestyle publications.

There are several options for downloading health and fitness applications. Many developers have websites where you can download their apps, and Amazon has a large selection. However, it’s probably easiest and most common to use the App Store for iOS applications and Google Play for Android. You can search both by app name or type and can read about an app before you download it. You can find out what the app does (although not necessarily the information it collects), see sample screens—and sometimes videos of how an app operates–read user reviews, link to the developer’s website and link to other comparable apps.   

If the app has a privacy policy—and many do not—it is increasingly common to find it (or a link to it) prior to download.  In Google Play you can also see what permissions an app requires of your mobile device before you download it. If you are unable to find a privacy policy through either app store, you may be able to find one on the developer’s website.  If there is no website, there may not be a privacy policy either.

3. What are the risks to consumers of using mobile health and fitness applications?

Mobile health and fitness applications pose a number of privacy risks—both general and specific—that consumers who use them should consider.

General concerns with using mobile devices and applications:

  • Mobile devices—smartphones and tablets—are ideal tracking tools. They are Internet- and geo-location-enabled, people carry them almost everywhere they go, and users rarely turn them off.  They offer great consumer benefits, such as continuous Internet access and apps for finding directions and services.  But at the same time, mobile devices and the apps people download can be highly privacy invasive. 
  • The mobile applications ecosystem is largely unregulated. This is a particular concern with health and fitness apps, which often collect both demographic and medical (or medical-like) information. None of this data is covered by existing regulations that protect the privacy and security of personal health information; it has only whatever protections the developer’s privacy policy affords—if there is a privacy policy at all. Also, many health and fitness apps allow and encourage users to share what you might consider sensitive information via social media.  Once information is public you have little to no control over it.

Specific risks of using mobile health and fitness applications:

  • Many health and fitness applications collect a great deal of personal information. Apps may prompt users to enter a name, email address, age, gender, height, weight, and photo.  They may also ask for lifestyle information. For example, the app may ask questions about food consumption and exercise habits.

When you use the app, you create a record—of your diet, daily exercise, glucose readings, pregnancy, menstrual cycle. As noted above, this information has no regulatory protection.Legal note for California residents: California’s Confidentiality of Medical Information Act (CMIA) may apply to mobile applications that collect what the federal HIPAA regulations define as “protected health information” (PHI).  However, CMIA’s applicability is unclear. Under the CMIA, the question is whether a mobile health and fitness or wellness application developer’s business is organized for the purpose “… of maintaining medical information in order to make the information available to an individual or to a provider of health care at the request of the individual or a provider of health care, for purposes of allowing the individual to manage his or her information, or for the diagnosis and treatment of the individual shall be deemed  to be a provider of health care. . . .” Cal. Civ. Code § 56.06(a).

  • Mobile applications, especially apps that you download for free, depend on advertising to make money. They may share personally identifiable information with advertisers, or allow ad networks to track you. Almost all applications send de-identified (non-personal) data about how you use an application to data analytics services. If an application collects your UDID (universal device ID) or embeds a unique ID in the application you download, de-identified analytics data can be tracked back to you personally.
  • Many mobile applications have poor security. Although they may have a privacy policy that says they protect the privacy and confidentiality of your information, more often than not, they transmit it unencrypted and over insecure network connections—HTTP, rather than HTTPS. They may also transmit information that includes your disease or pharmaceutical search terms—for sexually transmitted diseases or anti-psychotic drugs, for example—in the clear and viewable by anyone watching on the network.

4. PRC’s analysis of mobile health and fitness app developers’ information practices.

The PRC study of mobile health and fitness apps looked at developers’ information practices from two vantage points: the consumer-user experience and a computer scientist’s analysis of what was going on behind the user interface – “under the hood”, so to speak. The goals of the project were to discover as much as possible about:

  • What information a range of health and fitness applications collect.
  • Whether apps have privacy policies and how thorough and technically accurate they are.
  • What privacy policies acknowledge doing with personal and non-personal information they collect.
  • How developers’ actual information practices correlate with their privacy policies, through technical analysis of the apps.
  • The extent to which users have access to and control over the information an app collects, both when installing the app and after using it.

5. What were the major consumer-level and technical-level findings of PRC’s study of mobile health and fitness applications?

Our mobile medical apps project has resulted in several reports: consumer-level findings, a technologist’s report, tips for app developers, a webinar, and the evaluation criteria for our app analysis.  The major findings are summarized below in this section. For more detailed information, you can link to the additional documents in Section 7.  

If you want to learn how to minimize risk to your health privacy when using mobile medical apps, skip the following discussion of project findings, and read our consumer tips

5.1      Consumer-level findings

The main things we looked for at the consumer level were:  

  • How much notice did developers give users about their information practices? Was there a privacy policy? How complete is it in terms of including recognized Fair Information Practices? How accessible is the policy? How readable is it to someone with a high school education?
  • How much access and control over personal information did an application give users? Are they able to update and correct their personal profiles? Can they delete any personal information entirely? What choices do users have about sharing both personal and de-identified information?

The table summarizes the highlights of our consumer-level findings about the quality of notice in the privacy policies of free and paid health and fitness applications, along with the availability of some user controls of information.

The acronym PII stands for “personally identifiable information.”

 

Free apps

Paid apps

App has link to website privacy policy

43%

25%

Notifies user that privacy policy does not apply to 3rd party links

48%

25%

Notifies user that personal information made public is not protected

57%

15%

Shares user-generated PII data with advertisers

43%

5%

Shares aggregate (non-PII) data with marketers

52%

55%

Uses anonymized (non-PII) data for analytics

70%

70%

Contact info: developer’s email address listed in policy

57%

100%

Can opt out of developer/vendor sharing data with 3rd parties

57%

30%

Can opt in to data sharing with 3rd parties

35%

30%

Most recent date of analysis: May 7, 2013

5.2      Technical findings

The technical analysis assigned risk levels to the applications tested based on the amount of personal information they collected, along with our judgment as to the sensitivity of that information. We assigned risk based on the criteria below, on a scale of 0-9. For the sake of convenience, this numerical rating scale was converted to “high,” “medium,” “low,” “none”:

  • High risk (7-9)—includes address, financial info, full name, health information, geo-location, date of birth (DOB), ZIP code
  • Medium risk (4-6)—enhanced privacy risk to PII; email, first name, friends, interests, weight, potentially embarrassing/sensitive info
  • Low risk (1-3) —moderately low risk; anonymous tracking, device information, a third party knows the individual is using a mobile medical app
  • No risk (0) — no PII or health-related information

Based on these criteria, we determined the following:

  • 40% of the apps were high risk (17 of the 43 apps)
  • 32% of the apps (14 of 43) were medium to high risk
  • 28% of the apps (12 of 43) were low to medium risk
  • none of the apps were evaluated to be no risk

The technical analysis identified the three main technical causes of informational privacy risks in mobile health and fitness apps to be the following:

  • Unencrypted network connections:  Insecure network communications posed the greatest risk to privacy. Only a single paid application used HTTPS (SSL) exclusively for all of its network connections. None of the apps used additional encryption (such as PGP), for secure transmission of personal information.
  • Advertising: The next greatest risk to the privacy of users’ personal information was apps that sent personal information to advertisers to use for serving personally targeted ads. This occurred far more often with free applications (43% of 23 apps analyzed) than with paid apps (only one of 20 analyzed). This should be expected, because free apps often rely on advertising as their only source of revenue, while paid apps depend on app sales to generate most of their revenue and rarely include advertising.
  •  Analytics:  Data that apps transmit to third-party analytics services also present a serious privacy risk. Almost all applications collect and send non-personally identifiable usage data to third parties for analysis, in order to “improve the user experience” and for developers’ own marketing purposes. We observed that data with privacy-invasive details of usage behavior is generally sent over HTTP, not HTTPS (for example, What information did you access to deal with PTSD symptoms? What store products’ bar codes did you scan with your phone for enhanced nutrition and calorie information? Which STDs did you research in an app’s symptom checker?). This data can potentially be collected in a central database that links an individual’s usage of other apps that employ the same analytics services. We found that 55% of paid and 60% of free apps which we investigated use third-party analytics services.

 

6. Tips

Mobile health and fitness apps offer many benefits and are very convenient to use. Because they collect a great deal of personal information in ways that are not currently regulated and have generally poor information security practices, balancing the risks versus benefits of using them before jumping in is a reasonable thing to do.

  • Make your own assessment of an app’s creepiness or intrusiveness based on the personal information it asks for in order to use the app. For example, what information are you putting into a personal profile that you might not want advertisers to have or to become public? Are you giving away information about a disease or mental condition or a pregnancy problem that could have negative repercussions for you if it ends up with data brokers? Consider, too, the possibility of negative emotional repercussions of discussing private matters—such as your weight or a miscarriage—in an application-based chat group.
  • Assume that any information you provide to an app may be distributed to the developer, to third-party sites the developer may use for functionality, and to unidentified third-party marketers and advertisers.  Only provide information you are comfortable with the app sharing with those third parties.
  • Try to limit your input of personal information and exercise caution  when you share it. Widespread sharing may have as much impact on personal safety as it does on privacy. This is particularly true of location sharing, for example, of your running or bicycling route in a time-and-distance competition with other app users.
  • Ask a tech savvy friend to help you figure out what permissions an app asks for, and help you turn off the ones that appear to be unnecessary for the app to function. For example, you may want to disable location services, or the always-on setting, which eats up battery charge.
  • Research the app before you download it. Although it’s difficult to evaluate the validity of a great deal of information on the Internet, try to assess how credible the app developer is.  Look for user reviews either through the app store or online.  If you do not find a privacy policy through the app store, you can look for the developer’s website on your home computer or larger mobile device (such as a tablet) so you are not limited by screen size.  Assess the quality and content of information on the website, including the privacy policy. Find any relevant contact information and contact the developer with questions. And finally, you can often learn about the app or the developer in the media.
  • For maximum privacy, consider only using paid health and fitness apps.  If you’re sensitive about your information privacy, avoid applications that embed advertising or that seem to be primarily about selling products related in some way to the purpose of the app.
  • If an app allows you, try the features first without entering personal information. Some apps give you the option of trying out the features without entering personal information. Take advantage of this opportunity when it’s offered to decide whether you want to proceed with using the app at all.
  • If you stop using an app, delete it.  You will free up some memory to download other apps, and it won’t continue to do things like broadcast your location or interact with other apps on your device—or remain in “always on” mode, draining your battery.
  • If you have the option, also delete your personal profile and the data archive you’ve created by using the app—of your food intake, exercise routines, pregnancy stages, etc. You can’t recall what’s already been shared or that you’ve made public, but you may be able to prevent continuing use of stored data after you’re no longer using the app.

This has prompted concerns in the US Congress with Senator Charles Schumer asking the Federal Trade Commission to investigate the use of fitness data gathered from bracelets and applications.

One Response to “Wearable devices and fitness apps …. and privacy risks”

  1. Wearable devices and fitness apps …. and privacy risks | Australian Law Blogs

    […] Wearable devices and fitness apps …. and privacy risks […]

Leave a Reply





Verified by MonsterInsights