Huckvale K, Torous J, Larsen ME. (2019). Assessment of the data sharing and privacy practices of smartphone apps for depression and smoking cessation. JAMA Network Open. 2(4): e192542. doi: 10.1001/jamanetworkopen.2019.2542
Researchers compared privacy policies and data transmission practices of the top 10 mobile applications (apps) for depression and smoking cessation in the American and Australian app stores for Android and iOS. Researchers conducted two searches for “depression” and “smoking cessation” in each app store for and included the top 10 apps from each search for analysis, resulting 36 unique apps. Privacy policies and other relevant documentation (e.g. terms of use) for each app were reviewed for information concerning data use. Researchers also downloaded and simulated use of each app, and intercepted all network traffic generated during use. Most apps (n=25; 69%) included a privacy policy, 23 (92%) of which mentioned possible data transmission to a third party. Interception of network traffic indicated that 33 (92%) apps shared data with a third party; 9 (27%) of these had no privacy policy, 5 (15%) did not mention data transmission in their privacy policy, and 3 (9%) stated that transmission to a third party would not occur. Of the apps transmitting data to a third party, 2 (6%) included individually reported health status information and 1 (3%) included usernames. More apps (24; 73%) used anonymized advertising identifiers. Google and Facebook were popular destinations for data transmission (n=29; 81%). Researchers note that identifying data sharing within many of the apps analyzed often relies on a user’s literacy in digital privacy and emphasize that relying on privacy policies and similar documentation may not be adequate for identifying privacy risks within behavioral health apps.