Assessing the privacy of mHealth Apps for self tracking: A heuristic evaluation approach

Luke Hutton, Blaine Price, Ryan Kelly, Ciaran McCormick, Arosha Bandara, Tally Hatzakis, Maureen Meadows, Bashar Nuseibeh

Research output: Contribution to journalArticle

6 Citations (Scopus)
9 Downloads (Pure)

Abstract

Background: The recent proliferation of self-tracking technologies has allowed individuals to generate significant quantities of data about their lifestyle. This data can be used to support health interventions and to monitor outcomes. However, this data is often stored and processed by vendors who have commercial motivations, and thus it may not be treated with the sensitivity of other medical data. As the sensors and applications which enable self-tracking continue to become more sophisticated, the privacy implications become more severe in turn. However, methods for systematically identifying privacy issues in such applications are currently lacking.
Objective: The aim of this work is to understand how current mass-market applications perform with respect to privacy. We do this by introducing a set of heuristics for evaluating privacy characteristics of self-tracking services.
Methods: We conduct an analysis of 64 popular self-tracking services, using our heuristics to determine the extent to which the services satisfy various dimensions of privacy. We then use descriptive statistics and statistical models to explore whether any particular categories of app perform better than others in terms of privacy.
Results: The majority of services examined (a) fail to provide users with full access to their own data, (b) do not acquire sufficient consent for use of the data, or (c) inadequately extend controls over disclosures to third parties. We found that the type of app, in terms of the category of data collected, was not a useful predictor of its privacy. However, we found that apps which collect health-related data (e.g. exercise, weight) perform worse for privacy than apps designed for other types of self-tracking.
Conclusions: Our study draws attention to the poor performance of current self-tracking technologies in terms of privacy, motivating the need for standards that can ensure future self-tracking applications are stronger with respect to upholding users’ privacy. Our heuristic evaluation method supports retrospective evaluation of privacy in self-tracking apps and can be used as a prescriptive framework to achieve privacy-by-design in future applications.
Original languageEnglish
Article numbere185
JournalJMIR mHealth and uHealth
Volume6
Issue number10
DOIs
Publication statusPublished - 22 Oct 2018

    Fingerprint

Cite this

Hutton, L., Price, B., Kelly, R., McCormick, C., Bandara, A., Hatzakis, T., ... Nuseibeh, B. (2018). Assessing the privacy of mHealth Apps for self tracking: A heuristic evaluation approach. JMIR mHealth and uHealth, 6(10), [e185]. https://doi.org/10.2196/mhealth.9217