How to Identify if Your Health App Is Selling Your Private Data

While they’re marketed as invaluable tools to manage and improve our well-being, health apps can have a sinister side. Unethical data sharing associated with health apps has been a hot topic in recent years, with period tracker apps taking the spotlight. Unclear privacy policies, careful wording, and a lack of transparency can leave you doubtful whether your health app is actually safe to use.

Let’s delve into the confusing areas of personal data protection, how health apps could be compromising your safety, and what to do to ensure your personal and sensitive data remains protected.

What Is Data Privacy?

Data privacy refers to the protection and legitimate handling of personal information—ensuring individuals can dictate how, when, and how much of their data is shared. It warrants that individual sensitive data is kept secure, confidential, and used only for authorized purposes. Data privacy is enforced by legal and ethical practices and regulations (including the CCPA in the U.S. and GDPR in Europe), meaning organizations and individuals have to cooperate when it comes to collecting, storing, processing, sharing, and disposing of personal data.

This all sounds fine and dandy, but as with most legitimate things in life, there are always rule-benders. With health apps and data privacy, it tends to be a game of smoke and mirrors. At face value, your health app might seem trustworthy, but it could be selling your most personal and sensitive information behind your back.

What Type of Health Apps Breach Your Privacy?

The unfortunate truth is that many health and fitness apps violate your privacy. They request a lot of personal data that other types of apps don’t require, including your body metrics, lifestyle factors, habits, sleep behaviors, mental health, and well-being status.

The types of health apps that are often at risk of privacy concerns include:

• Fertility or period trackers.
• Mental health apps.
• Symptom trackers.
• Fitness and diet tracking apps.

The worry about whether period tracker apps are safe to use has been around for years, and was further exacerbated in 2022 with the overturn of abortion protection rights in the U.S. A Privacy International feature highlights the consequential alarm surrounding period tracking apps and this law reversal, and explains how companies and developers may be ignoring privacy requirements or even allowing sensitive data to be exploited and shared.

What’s perhaps more surprising is the concern surrounding mental health apps and data privacy. Mozilla’s *Privacy Not Included Buyer’s Guide first reviewed and published the privacy and security of popular mental health apps in 2022, revealing that 23 of these apps failed to respect and protect their users’ privacy. Their failings included vague and messy privacy policies, sharing personal information with third parties, and collecting chat transcripts.

In a follow-up review in 2023, some of the same apps got worse at privacy and security—including Betterhelp, Talkspace, and Shine. This is shocking considering the sensitive and personal nature of counseling services. In an in-person therapy setting, patient confidentiality is of the highest priority, so why are the standards different for therapy apps that deal with the same highly sensitive personal data?

How to Identify Privacy Issues With Your Health Apps

While the untrustworthy implications of health apps and data privacy are both creepy and scary, you can take steps to protect yourself. The first is to learn how to identify a safe app that will respect and handle your personal data properly.

Here are some useful tools and online resources to help:

• Mozilla’s *Privacy Not Included: Read in-depth privacy reviews of a variety of apps and technology, including mental health, reproductive health, and exercise apps. *Privacy Not Included summarizes privacy policies, highlighting major problems, and warns against using the most evasive of apps when it comes to privacy and safety.
• Exodus: This French non-profit privacy audit platform allows you to search for Android applications to identify any potential embedded trackers that are designed to collect data about your or your usages. Within its resources, it explains what trackers are and what types may be harmful to your privacy.
• Terms of Service; Didn’t Read: ToS;DR is a project that was born in 2012 and aims to analyze and review data and privacy terms and conditions. It’s great for learning about what web-based health apps (such as MyFitnessPal) can do with your personal data.
• Privacy International Learning Topics: Learn more with PI’s content covering technology, privacy, autonomy, and freedom, plus read guides on how to enhance your privacy.

If you can’t find your chosen health app on these databases—or if you want to learn more about the developer’s intentions with your data—the next step is to read the app’s privacy policy.

How to Read a Privacy Policy via the App Store or App Website

Learning how to read and spot a bad privacy policy can help you protect your personal data. Each of your health apps will have a privacy policy, detailing how the company or service will handle your data.

When you download apps from your smartphone’s app store (most commonly Google Play or iOS App Store), you can usually see a summary of the app’s privacy practices. On Google Play, scroll down to the Data Safety section. On the App Store, scroll down to App Privacy to read the policy summary. Here you will find a link to read the developer’s full privacy policy (usually linked to their website.)

Red Flags In a Privacy Policy

Here are some red flags to look out for in privacy policies:

• Vague or confusing language: If you can’t easily determine how your data is collected, used, and shared due to unclear language, consider it a big red flag.
• Requests large quantities of data: If you’re met with a long list of personal data “requirements” or permissions (especially any that don’t support the app’s functionality), the health app will likely invade your privacy.
• Numerous third parties: Many privacy policies include some third parties, but if you’re met with a long list of companies without clarity on what data they “need”, it’s a red flag.
• No data retention periods: If the privacy policy fails to outline how long your data will be stored (and for what purposes), it likely has a shady attitude to your privacy.

If you encounter any of these red flags when reading a privacy policy, avoid using the app.

Otherwise, a privacy policy that is easy to read and understand, clearly communicates the data it collects, stores, and shares (with explanations of why these are necessary), and is GDPR-compliant can indicate a safer health app.

Check Consent and Opt-Out Options on Health Apps Before Signing Up

Another way to identify whether a health app is safe to use is to pay attention during the setup process. Aside from reading the privacy policy before downloading an app to your device (this is an important step as many apps like to collect your data as soon as possible), you need to ask a few important questions when launching an app for the first time.

Are you given clear opt-out options? Reputable health apps should provide clear details on how to control your data. This should include opting out of certain data sharing, marketing communications, tracking, and third-party involvement.

Are the app permissions legitimate? Before you share any personal details, check the app’s requested permissions. Does your health app really need to access your microphone and location? Requests for unnecessary permissions can indicate an unsafe app. Make sure you read the request permission description thoroughly and consider the legitimacy of its requirements.

Are you given different sign-in options? Be wary of health apps that require a social media login. Opt to use a secure email where possible rather than your social media details (which could be mined for data).

If you’re concerned about any factors of the sign-up process, do not proceed until you can be certain whether your data will remain safe.

Protecting Your Personal Data Benefits Your Health Better Than Any App

If you’re worried about any health app, stop using it immediately. Some privacy policies detail how to remove your data from an app’s database; otherwise you can request your data from a developer before deleting the app. You can also clear your app data from your device before uninstalling it from your device(s).

No health app is worth risking your well-being for. Now you know the risks of privacy invasion from health apps (or any technology for that matter), you can use this knowledge to protect your data as you filter safe health apps from the dangerous ones.