Flors-Sidro José Javier, Househ Mowafa, Abd-Alrazaq Alaa, Vidal-Alaball Josep, Fernandez-Luque Luis, Sanchez-Bocanegra Carlos Luis
Information Systems Department, Consorci Hospitalari Provincial de Castelló, Castelló de la Plana, Spain.
Division of Information and Computing Technology, College of Science and Engineering, Hamad Bin Khalifa University, Doha, Qatar.
JMIR Diabetes. 2021 Jan 13;6(1):e16146. doi: 10.2196/16146.
Mobile health has become a major vehicle of support for people living with diabetes. Accordingly, the availability of mobile apps for diabetes has been steadily increasing. Most of the previous reviews of diabetes apps have focused on the apps' features and their alignment with clinical guidelines. However, there is a lack of knowledge on the actual compliance of diabetes apps with privacy and data security guidelines.
The aim of this study was to assess the levels of privacy of mobile apps for diabetes to contribute to the raising of awareness of privacy issues for app users, developers, and governmental data protection regulators.
We developed a semiautomatic app search module capable of retrieving Android apps' privacy-related information, particularly the dangerous permissions required by apps, with the aim of analyzing privacy aspects related to diabetes apps. Following the research selection criteria, the original 882 apps were narrowed down to 497 apps that were included in the analysis.
Approximately 60% of the analyzed diabetes apps requested potentially dangerous permissions, which pose a significant risk to users' data privacy. In addition, 28.4% (141/497) of the apps did not provide a website for their privacy policy. Moreover, it was found that 40.0% (199/497) of the apps contained advertising, and some apps that claimed not to contain advertisements actually did. Ninety-five percent of the apps were free, and those belonging to the "medical" and "health and fitness" categories were the most popular. However, app users do not always realize that the free apps' business model is largely based on advertising and, consequently, on sharing or selling their private data, either directly or indirectly, to unknown third parties.
The aforementioned findings confirm the necessity of educating patients and health care providers and raising their awareness regarding the privacy aspects of diabetes apps. Therefore, this research recommends properly and comprehensively training users, ensuring that governments and regulatory bodies enforce strict data protection laws, devising much tougher security policies and protocols in Android and in the Google Play Store, and involving and supervising all stakeholders in the apps' development process.
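The dangerous-permission check described in the methods can be reproduced by an auditor on a small scale. The following is an added example, not the study's search module: it assumes each app's manifest is already available as decoded text XML (manifests inside APKs are binary XML and must be decoded first), and the package names and permission sets are constructed sample data.

```python
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android platform permissions with protection level "dangerous".
DANGEROUS = {
    "READ_CALENDAR", "WRITE_CALENDAR", "CAMERA", "READ_CONTACTS",
    "WRITE_CONTACTS", "GET_ACCOUNTS", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "ACCESS_BACKGROUND_LOCATION", "RECORD_AUDIO",
    "READ_PHONE_STATE", "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG",
    "SEND_SMS", "RECEIVE_SMS", "READ_SMS", "BODY_SENSORS",
    "ACTIVITY_RECOGNITION", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
}

def dangerous_permissions(manifest_xml):
    """Return the sorted dangerous platform permissions a manifest requests."""
    found = set()
    for el in ET.fromstring(manifest_xml).iter():
        if el.tag not in ("uses-permission", "uses-permission-sdk-23"):
            continue
        prefix, _, short = el.get(ANDROID_NS + "name", "").rpartition(".")
        # Only android.permission.* counts; app-defined names are skipped.
        if prefix == "android.permission" and short in DANGEROUS:
            found.add(short)
    return sorted(found)

def summarize(manifests):
    """Per-app findings, share of apps flagged, and per-permission counts."""
    per_app = {app: dangerous_permissions(x) for app, x in manifests.items()}
    flagged = sum(1 for perms in per_app.values() if perms)
    share = flagged / len(per_app) if per_app else 0.0
    counts = Counter(p for perms in per_app.values() for p in perms)
    return per_app, share, counts

def _manifest(package, names):
    """Build a constructed text manifest for the sample data below."""
    uses = "".join(f'<uses-permission android:name="{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="{package}">{uses}</manifest>')

P = "android.permission."
# Constructed sample apps (hypothetical package names and permission sets).
SAMPLE = {pkg: _manifest(pkg, names) for pkg, names in {
    "com.example.glucolog": [P + "INTERNET"],
    "com.example.carbcam": [P + "CAMERA", P + "ACCESS_FINE_LOCATION"],
    "com.example.dosemate": [P + "READ_CONTACTS", P + "ACCESS_FINE_LOCATION",
                             "com.example.permission.CAMERA"],
}.items()}
```

Calling `summarize(SAMPLE)` returns the per-app findings, the fraction of apps requesting at least one dangerous permission, and how often each permission appears across the set.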