A Qualitative Analysis Framework for mHealth Privacy Practices
Thomas Cory, Wolf Rieder, Thu-My Huynh

TL;DR
This paper presents a new qualitative framework for evaluating privacy practices in mHealth apps, analyzing 152 apps to reveal ongoing privacy issues despite existing regulations.
Contribution
It introduces a novel framework for assessing privacy practices in mHealth apps and applies it to identify prevalent privacy violations and risks.
Findings
Widespread health information leakage to third-party trackers
Neglect of privacy-by-design and transparency principles
Persistent privacy concerns despite regulations
Abstract
Mobile Health (mHealth) applications have become a crucial part of health monitoring and management. However, the proliferation of these applications has also raised concerns over the privacy and security of Personally Identifiable Information and Protected Health Information. Addressing these concerns, this paper introduces a novel framework for the qualitative evaluation of privacy practices in mHealth apps, particularly focusing on the handling and transmission of sensitive user data. Our investigation encompasses an analysis of 152 leading mHealth apps on the Android platform, leveraging the proposed framework to provide a multifaceted view of their data processing activities. Despite stringent regulations like the General Data Protection Regulation in the European Union and the Health Insurance Portability and Accountability Act in the United States, our findings indicate…
Taxonomy
Topics: Privacy, Security, and Data Protection
