Faculty of Nursing, University of Toronto, Suite 130, 155 College St, Toronto, ON, Canada, M5T 1P8
School of Pharmacy, Charles Perkins Centre, The University of Sydney, Sydney, NSW, Australia.
BMJ. 2019 Mar 20;364:l920. doi: 10.1136/bmj.l920.
To investigate whether and how user data are shared by top rated medicines related mobile applications (apps) and to characterise privacy risks to app users, both clinicians and consumers.
Traffic, content, and network analysis.
Top rated medicines related apps for the Android mobile platform available in the Medical store category of Google Play in the United Kingdom, United States, Canada, and Australia.
24 of 821 apps identified by an app store crawling program. Included apps pertained to medicines information, dispensing, administration, prescribing, or use, and were interactive.
Laboratory based traffic analysis of each app downloaded onto a smartphone, simulating real world use with four dummy scripts. The app's baseline traffic related to 28 different types of user data was observed. To identify privacy leaks, one source of user data was modified and deviations in the resulting traffic observed.
Identities and characterisation of entities directly receiving user data from sampled apps. Secondary content analysis of company websites and privacy policies identified data recipients' main activities; network analysis characterised their data sharing relations.
19/24 (79%) of sampled apps shared user data. 55 unique entities, owned by 46 parent companies, received or processed app user data, including developers and parent companies (first parties) and service providers (third parties). 18 (33%) provided infrastructure related services such as cloud services. 37 (67%) provided services related to the collection and analysis of user data, including analytics or advertising, suggesting heightened privacy risks. Network analysis revealed that first and third parties received a median of 3 (interquartile range 1-6, range 1-24) unique transmissions of user data. Third parties advertised the ability to share user data with 216 "fourth parties"; within this network (n=237), entities had access to a median of 3 (interquartile range 1-11, range 1-140) unique transmissions of user data. Several companies occupied central positions within the network with the ability to aggregate and re-identify user data.
Sharing of user data is routine, yet far from transparent. Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent. Privacy regulation should emphasise the accountabilities of those who control and process user data. Developers should disclose all data sharing practices and allow users to choose precisely what data are shared and with whom.
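The differential method described above (observe an app's baseline traffic, change one source of user data, look for deviations) can be sketched as follows. This is an added example, not the study's tool or code; the hostnames, parameter names and captured requests are constructed, and it assumes two baseline runs so that fields which vary without any change in user data (timestamps, nonces) are excluded.

```python
from urllib.parse import urlsplit, parse_qsl

def params_by_host(requests):
    """Map (host, parameter) -> set of values seen in one capture run."""
    seen = {}
    for _method, url, body in requests:
        parts = urlsplit(url)
        # Query-string and form-encoded body parameters are treated alike.
        for key, value in parse_qsl(parts.query) + parse_qsl(body):
            seen.setdefault((parts.hostname, key), set()).add(value)
    return seen

def find_leaks(baseline_a, baseline_b, modified):
    """Return {host: [parameter, ...]} for fields that are stable across two
    identical baseline runs but change when one user data source is modified."""
    a, b, m = map(params_by_host, (baseline_a, baseline_b, modified))
    leaks = {}
    for key in sorted(a.keys() & b.keys() & m.keys()):
        if a[key] != b[key]:
            continue  # changes between identical runs: timestamp, nonce, session id
        if m[key] != a[key]:
            host, param = key
            leaks.setdefault(host, []).append(param)
    return leaks

def capture(device_id, ts, nonce):
    """Constructed sample capture: one scripted app session (hypothetical hosts)."""
    return [
        ("POST", "https://api.medsapp.example/v1/reminders",
         f"drug=aspirin&dev={device_id}&ts={ts}"),
        ("GET", f"https://collect.tracker.example/e?uid={device_id}&ev=open&nonce={nonce}", ""),
        ("GET", "https://cdn.infra.example/img?name=logo", ""),
    ]

# Two baseline runs with the same device ID, then one run with it changed.
BASELINE_A = capture("AAAA-1111", 1000, "9f1")
BASELINE_B = capture("AAAA-1111", 2000, "3c7")
MODIFIED = capture("BBBB-2222", 3000, "77a")

if __name__ == "__main__":
    for host, fields in find_leaks(BASELINE_A, BASELINE_B, MODIFIED).items():
        print(f"{host} receives the modified value in: {', '.join(fields)}")
```

Values sent hashed or otherwise encoded still show up as deviations, because the comparison is on change rather than on matching the raw value.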