Aptly for Data Privacy Day, research from Uswitch has revealed the top five health apps collecting the most data on you, as well as steps from mobiles expert, Catherine Hiley, you can take to keep your data safe.
Whenever we use apps on our phones, our data is up for grabs. Brands like Facebook run their whole business model around selling ads – and it’s our personal data that allows them to do that all too easily.
Now, Apple’s new privacy labels, allow us to keep tabs on what data each app collects, from name, age and address, to much more private data such as your weight or sexual activity.
So how do the most-popular health apps stack up when it comes to data collection?
- MyFitnessPal: 20 out of 24 data points
This guy is the worst offender. MyFitnessPal tracks diet and exercise, gamifying the experience to motivate users to scan the barcodes of various food items into the app’s large pre-existing database.
The app collects the most data out of the whole list, ranging from name and age, all the way through to more private information such as body mass index (BMI) and fitness level.
How to manage your privacy settings on the app:
“You can tweak the settings of your app to control what information you make public to your friends and what data you keep private,” says Uswitch mobiles expert Catherine Hiley.
“You can also stop MyFitnessPal from sharing your location data by going to the right-hand corner of the app and selecting more > privacy centre > personalisation.
“Unfortunately, we couldn’t find a setting to opt-out of third-party data sharing.”
2. Fitbit: 18 out of 22 data points
Fitbit dominates the fitness app market with almost 60% of the share of all users who use fitness-tracking apps.
It also happens to dominate the list of companies who collect personal data from their users, collecting 18 out of 22 items of data which include social media information and ‘female health’. That’s not creepy at all.
How to manage your privacy settings on the app:
“During the setup process, you can deny access to most personal information by changing your account settings in the app,” says Catherine.
“Looking at the privacy policy in more detail, we found that Fitbit aggregates and anonymises data to share with marketing partners. And it doesn’t look like there’s a way to opt-out of this.”
3. Strava: 17 out of 22 data points
Strava has almost 50 million users across the globe and has a total of three billion activity uploads, meaning they hold massive amounts of data about each of their users.
It’s one of the most popular apps on the market and collects a whole range of data including location and email address.
Although users own the rights to all of their workouts, posts and routes, Strava’s privacy policy states that it reserves the right to use it which has confused some users in the past.
How to manage your privacy settings on the app:
“When you download the app and sign up, you give Strava automatic access to all of your data, including the public mapping feature. This element could reveal where you live or exercise, so be sure to manually change the settings before use,” says Catherine.
“The app guides users through this and we found it very easy to do, so all our information remained private.”
4. Flo: 15 out of 22 data points
Now we get into even creepier territory with fertility app, Flo. Used by more than 30 million people around the world to monitor their feminine health, recently the app has been in the news regarding privacy concerns.
Out of all the period tracking apps in the study, Flo collects the most data with 15 out of 22 data points which include mental wellbeing and sexual activity.
How to manage your privacy settings on the app:
“There are some very simple settings within the privacy section of the app that you can toggle on or off depending on your preference. But it’s worth noting that these need to be turned on or off manually once you have signed up for an account with Flo.
“Interestingly, Flo has a dedicated data protection officer who you can contact about any data privacy concerns,” Catherine points out.
5. Headspace: 14 out of 22 data points
Headspace was one of the first mindfulness and meditation apps on the market, reaching more than 62 million users across the globe. The app is full of audio meditation sessions that users can tap into, but it’s also collecting plenty of data too.
Of the mindfulness apps in the study, Headspace asks for the most personal user data with 14 out of 22 data points collected, including location and family/marital status.
How to manage your privacy settings on the app:
Catherine says, “Headspace says that they will use personal data to inform the way that the app interacts with you via email and in-app adverts. But it’s pretty simple to opt-out using the in-app options.
“But, as with most apps in the research, you need to remember to manually go through this process, as the default settings don’t protect your data.”
Catherine also shares advice for mobile phone users looking to safeguard their personal information:
“While we can’t be sure of the true intentions of each and every app, there are some steps users can take to better protect their personal data,” Catherine remarks.
Do your research before downloading and installing an app
“Before you install any app, check the reviews to find out what other users have said about it. If you’re not sure, don’t download and install.”
Be wary before agreeing to permissions
“If an app asks for permissions that it really shouldn’t need to function, then you should question the reason for it asking to collect that data. For example, why should Headspace or Flo need to know your location?” says Catherine.
Keep your apps up to date and delete any that you don’t use
“It’s likely that your phone has far too many apps. Deleting the ones you don’t use will help your battery life and protect you from any potential privacy problems.
“It might be tempting to avoid updating your apps, but it’s key to ensuring that your data and personal information is secure.”
Keep on top of your mobile app permissions
Catherine concludes, “Did you know that many apps can still function without all of the permissions they might ask you to agree to?
Why not experiment with different combinations of permissions to see if you can safeguard your personal information.”
