Skip to Main Content

Health apps, like prescription drugs, come with side effects, it turns out. A new study has found that an astoundingly large number of health apps may be sharing users’ medical information. Many can also switch on smartphone cameras and make changes to the software on your phone.

What was found:

More than 80 percent of the 211 diabetes apps studied did not have privacy policies. And out of a randomly selected subset of 65 apps, 56 of them (86 percent) used tracking cookies, which could allow them to send information about the user to other companies, such as marketing firms, according to the analysis, published Tuesday in the Journal of the American Medical Association.

Why it matters:

Co-author Sarah Blenner, now at the University of California, Los Angeles, warned that the sharing or selling of personal information could lead to discrimination. Users with certain medical profiles, for instance, could have a tougher time getting life insurance.


The apps are not bound by Health Insurance Portability and Accountability Act, or HIPAA  — the federal privacy law that governs doctors and insurance plans. “They are free to trade, sell, and use the information in any way that they want,” said Mark Rothstein, an expert on health privacy at the University of Louisville.

Keep in mind:

There’s a lot more than blood glucose tracking on these apps. When Blenner and her colleagues analyzed the fine-print permissions that all users have to accept before downloading a diabetes app, they found that 17 percent asked to track the user’s location, 11 percent sought to switch on the smartphone camera, and 64 percent requested the ability to delete or modify information anywhere on the user’s phone.


Experts say this is hardly limited to diabetes apps.

The bottom line:

Most health apps are completely unregulated. If you don’t want your information shared or the memory on your phone tampered with, be very careful about which apps you choose to download.