论心理健康应用程序的隐私问题：一项实证调查及其对应用程序开发的启示。

On the privacy of mental health apps: An empirical investigation and its implications for app development.

作者信息

Iwaya Leonardo Horn, Babar M Ali, Rashid Awais, Wijayarathna Chamila

机构信息

Centre for Research on Engineering Software Technologies, The University of Adelaide, Adelaide, SA 5005 Australia.

Cyber Security Cooperative Research Centre (CSCRC), Joondalup, Australia.

出版信息

Empir Softw Eng. 2023;28(1):2. doi: 10.1007/s10664-022-10236-0. Epub 2022 Nov 8.

DOI:10.1007/s10664-022-10236-0

PMID:36407814

原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC9643945/

Abstract

UNLABELLED

An increasing number of mental health services are now offered through mobile health (mHealth) systems, such as in mobile applications (apps). Although there is an unprecedented growth in the adoption of mental health services, partly due to the COVID-19 pandemic, concerns about data privacy risks due to security breaches are also increasing. Whilst some studies have analyzed mHealth apps from different angles, including security, there is relatively little evidence for data privacy issues that may exist in mHealth apps used for mental health services, whose recipients can be particularly vulnerable. This paper reports an empirical study aimed at systematically identifying and understanding data privacy incorporated in mental health apps. We analyzed 27 top-ranked mental health apps from Google Play Store. Our methodology enabled us to perform an in-depth privacy analysis of the apps, covering static and dynamic analysis, data sharing behaviour, server-side tests, privacy impact assessment requests, and privacy policy evaluation. Furthermore, we mapped the findings to the LINDDUN threat taxonomy, describing how threats manifest on the studied apps. The findings reveal important data privacy issues such as unnecessary permissions, insecure cryptography implementations, and leaks of personal data and credentials in logs and web requests. There is also a high risk of user profiling as the apps' development do not provide foolproof mechanisms against linkability, detectability and identifiability. Data sharing among 3rd-parties and advertisers in the current apps' ecosystem aggravates this situation. Based on the empirical findings of this study, we provide recommendations to be considered by different stakeholders of mHealth apps in general and apps developers in particular. We conclude that while developers ought to be more knowledgeable in considering and addressing privacy issues, users and health professionals can also play a role by demanding privacy-friendly apps.

SUPPLEMENTARY INFORMATION

The online version contains supplementary material available at 10.1007/s10664-022-10236-0.

摘要

未标注

现在越来越多的心理健康服务通过移动健康（mHealth）系统提供，比如移动应用程序（app）。尽管心理健康服务的采用率有前所未有的增长，部分原因是新冠疫情，但因安全漏洞导致的数据隐私风险担忧也在增加。虽然一些研究从不同角度分析了移动健康应用程序，包括安全性，但对于用于心理健康服务的移动健康应用程序中可能存在的数据隐私问题，证据相对较少，而这些应用程序的用户可能特别脆弱。本文报告了一项实证研究，旨在系统地识别和理解心理健康应用程序中包含的数据隐私。我们分析了谷歌应用商店中排名前27的心理健康应用程序。我们的方法使我们能够对这些应用程序进行深入的隐私分析，包括静态和动态分析、数据共享行为、服务器端测试、隐私影响评估请求以及隐私政策评估。此外，我们将研究结果映射到LINDDUN威胁分类法，描述威胁在研究的应用程序上是如何表现的。研究结果揭示了重要的数据隐私问题，如不必要的权限、不安全的加密实现，以及日志和网络请求中个人数据和凭证的泄露。由于应用程序的开发没有提供防止可链接性、可检测性和可识别性的万无一失的机制，因此用户画像的风险也很高。当前应用程序生态系统中第三方和广告商之间的数据共享加剧了这种情况。基于本研究的实证结果，我们提出了一些建议，供移动健康应用程序的不同利益相关者，特别是应用程序开发者考虑。我们得出结论，虽然开发者在考虑和解决隐私问题时应该更有见识，但用户和健康专业人员也可以通过要求使用隐私友好型应用程序发挥作用。

补充信息

在线版本包含可在10.1007/s10664-022-10236-0获取的补充材料。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/2706/9643945/ae6d1c4b6976/10664_2022_10236_Fig1_HTML.jpg

相似文献

On the privacy of mental health apps: An empirical investigation and its implications for app development.

Empir Softw Eng. 2023;28(1):2. doi: 10.1007/s10664-022-10236-0. Epub 2022 Nov 8.

Exploration of Reproductive Health Apps' Data Privacy Policies and the Risks Posed to Users: Qualitative Content Analysis.

J Med Internet Res. 2025 Mar 5;27:e51517. doi: 10.2196/51517.

Privacy, Data Sharing, and Data Security Policies of Women's mHealth Apps: Scoping Review and Content Analysis.

JMIR Mhealth Uhealth. 2022 May 6;10(5):e33735. doi: 10.2196/33735.

Patients and Stakeholders' Perspectives Regarding the Privacy, Security, and Confidentiality of Data Collected via Mobile Health Apps in Saudi Arabia: Protocol for a Mixed Method Study.

JMIR Res Protoc. 2024 May 22;13:e54933. doi: 10.2196/54933.

How private is your mental health app data? An empirical study of mental health app privacy policies and practices.

Int J Law Psychiatry. 2019 May-Jun;64:198-204. doi: 10.1016/j.ijlp.2019.04.002. Epub 2019 Apr 28.

Analysis of Diabetes Apps to Assess Privacy-Related Permissions: Systematic Search of Apps.

JMIR Diabetes. 2021 Jan 13;6(1):e16146. doi: 10.2196/16146.

Mobile health and privacy: cross sectional study.

BMJ. 2021 Jun 16;373:n1248. doi: 10.1136/bmj.n1248.

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android.

JMIR Mhealth Uhealth. 2015 Jan 19;3(1):e8. doi: 10.2196/mhealth.3672.

Analyzing security issues of android mobile health and medical applications.

J Am Med Inform Assoc. 2021 Sep 18;28(10):2074-2084. doi: 10.1093/jamia/ocab131.

Pulse Oximeter App Privacy Policies During COVID-19: Scoping Assessment.

JMIR Mhealth Uhealth. 2022 Jan 27;10(1):e30361. doi: 10.2196/30361.

引用本文的文献

From operating room to recovery: Evidence and gaps in cardiac surgical nursing integrative psychological support.

World J Psychiatry. 2025 Jul 19;15(7):107103. doi: 10.5498/wjp.v15.i7.107103.

Quality and Privacy Policy Compliance of Mental Health Care Apps in China: Cross-Sectional Evaluation Study.

J Med Internet Res. 2025 Jul 3;27:e66762. doi: 10.2196/66762.

Telepsychiatry and Artificial Intelligence: A Structured Review of Emerging Approaches to Accessible Psychiatric Care.

Healthcare (Basel). 2025 Jun 5;13(11):1348. doi: 10.3390/healthcare13111348.

A Narrative Review of the Digital Equity Gap of Apps for Cigarette Smoking Cessation for Persons Living in the Hispanosphere.

Curr Addict Rep. 2024 Dec;11(6):1025-1035. doi: 10.1007/s40429-024-00607-6. Epub 2024 Nov 6.

Unresolved ethical questions of mHealth apps for Alzheimer's disease prevention.

Med Health Care Philos. 2025 Sep;28(3):473-485. doi: 10.1007/s11019-025-10272-9. Epub 2025 May 26.

Podcasts in Mental, Physical, or Combined Health Interventions for Adults: Scoping Review.

J Med Internet Res. 2025 May 7;27:e63360. doi: 10.2196/63360.

Digital interventions in mental health: An overview and future perspectives.

Internet Interv. 2025 Apr 2;40:100824. doi: 10.1016/j.invent.2025.100824. eCollection 2025 Jun.

Expert and Interdisciplinary Analysis of AI-Driven Chatbots for Mental Health Support: Mixed Methods Study.

J Med Internet Res. 2025 Apr 25;27:e67114. doi: 10.2196/67114.

Usability of a mobile app for suicide risk awareness in South Korea.

Digit Health. 2025 Feb 26;11:20552076251322666. doi: 10.1177/20552076251322666. eCollection 2025 Jan-Dec.

Initial Requirements for the Prototyping of an App for a Psychosocial Rehabilitation Project: An Integrative Review.

Int J Environ Res Public Health. 2025 Feb 18;22(2):310. doi: 10.3390/ijerph22020310.

本文引用的文献

Challenges With Developing Secure Mobile Health Applications: Systematic Review.

JMIR Mhealth Uhealth. 2021 Jun 21;9(6):e15654. doi: 10.2196/15654.

How private is your mental health app data? An empirical study of mental health app privacy policies and practices.

Int J Law Psychiatry. 2019 May-Jun;64:198-204. doi: 10.1016/j.ijlp.2019.04.002. Epub 2019 Apr 28.

Assessment of the Data Sharing and Privacy Practices of Smartphone Apps for Depression and Smoking Cessation.

JAMA Netw Open. 2019 Apr 5;2(4):e192542. doi: 10.1001/jamanetworkopen.2019.2542.

Availability, readability, and content of privacy policies and terms of agreements of mental health apps.

Internet Interv. 2019 Mar 6;17:100243. doi: 10.1016/j.invent.2019.100243. eCollection 2019 Sep.

Mobile Health Systems for Community-Based Primary Care: Identifying Controls and Mitigating Privacy Threats.

JMIR Mhealth Uhealth. 2019 Mar 20;7(3):e11642. doi: 10.2196/11642.

Reviewing the data security and privacy policies of mobile apps for depression.

Internet Interv. 2018 Dec 20;15:110-115. doi: 10.1016/j.invent.2018.12.001. eCollection 2019 Mar.

Assessing the Privacy of mHealth Apps for Self-Tracking: Heuristic Evaluation Approach.

JMIR Mhealth Uhealth. 2018 Oct 22;6(10):e185. doi: 10.2196/mhealth.9217.

The Complexity of Mental Health App Privacy Policies: A Potential Barrier to Privacy.

JMIR Mhealth Uhealth. 2018 Jul 30;6(7):e158. doi: 10.2196/mhealth.9871.

Data Security and Privacy in Apps for Dementia: An Analysis of Existing Privacy Policies.

Am J Geriatr Psychiatry. 2017 Aug;25(8):873-877. doi: 10.1016/j.jagp.2017.04.009. Epub 2017 Jun 1.

Privacy Policies of Android Diabetes Apps and Sharing of Health Information.

JAMA. 2016 Mar 8;315(10):1051-2. doi: 10.1001/jama.2015.19426.

文献AI研究员

20分钟写一篇综述，助力文献阅读效率提升50倍。

立即体验

用中文搜PubMed

大模型驱动的PubMed中文搜索引擎

马上搜索

文档翻译

学术文献翻译模型，支持多种主流文档格式。

立即体验

论心理健康应用程序的隐私问题：一项实证调查及其对应用程序开发的启示。

On the privacy of mental health apps: An empirical investigation and its implications for app development.

作者信息

机构信息

出版信息

UNLABELLED

SUPPLEMENTARY INFORMATION

未标注

补充信息

相似文献

引用本文的文献

本文引用的文献

文献AI研究员

用中文搜PubMed

文档翻译

Suppr 超能文献

相似文献

引用本文的文献

本文引用的文献