NHS-Approved Health Apps May Put Users’ Privacy at Risk

According to a new study, health apps accredited by the NHS could be putting users’ privacy unnecessarily at risk. Some of them may not be adequately protecting personal information from hackers.

Researchers from Imperial College London and Ecole Polytechnique CNRS in France reviewed 79 apps that were listed on the NHS Health Apps Library in July 2013, and were available to download on Android and Apple phones. The apps were assessed over 6 months by inputting simulated information, tracking the handling of this information, and looking at how this complied with privacy policies.

The results showed that around a third of the apps were sending identifiable information, such as passwords and personal details, over the internet with no encryption. Four of the apps were also sending unencrypted information about health and lifestyle, leaving it vulnerable to hackers. One in six of the apps sent information to third parties, such as advertisers, despite privacy policies not mentioning this could happen.

“It is known that apps available through general marketplaces had poor and variable privacy practices, for example, failing to disclose personal data collected and set to a third party,” says lead researcher Kit Huckvale, a PhD researcher in mobile health at Imperial College London. “However, it was assumed that accredited apps – those that had been badged as trustworthy by organisational programmes such as the UK’s NHS health apps library – would be free of such issues.”

He adds: “Our study suggests that the privacy of users of accredited apps may have been unnecessarily put at risk, and challenges claims of trustworthiness offered by the current national accreditation scheme being run through the NHS.”

The researchers have not named the apps in question, but have alerted NHS Choices to their findings, which have been published in the journal BMC Medicine.

A spokesperson for NHS Choices says: “We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated. A new, more thorough NHS endorsement model for apps has begun piloting this month.”