Using free health apps to track your sleep or periods? Be warned…

0 0

Whether they monitor sleep, count steps or track periods, nowadays there are free apps which promise to improve every aspect of your life.

But, as the saying goes, ‘there’s no such thing as free lunch’. 

That is according to experts, anyway, who say developers could be making you into the product.  

Privacy mavens warn health tracking apps – especially ones downloaded for free – may potentially use your personal health data for advertising or other commercial purposes.

Such data can include how often people have sex, if women are pregnant and how often their periods typically last. 

While your fitness tracker app might not sell your step count or workout routine directly, it could use the data to work out your daily routines

So long as you accept their T&Cs, app firms can collect data on your location, habits, activities and other sensitive information and sell this on to third parties, warns privacy specialist Beth Barker-Paton. 

She is the current associate partner at research and design consultancy Etic Lab and former director at online privacy company Kuva, which offers safe and transparent online work platforms that promises not to collect and store personal data.

‘Personal information such as the number of steps you take or how long you sleep can indeed be utilised for advertising purposes,’ Ms Barker-Paton says. 

Companies may not directly sell the health data like step counts or exercise routes, as agreed in some companies T&Cs.

But such data can be used to infer a great deal about your location, habits, and even hobbies.

This valuable information can then be sold to target you with ads for products and services based on that data, Ms Barker-Paton claims.

‘This information is sold to third parties for targeted advertising,’ she told MailOnline.

Andrew Whaley, senior technical director at tech security firm Promon, adds even if the data is anonymised, like many companies pledge to do, companies can still infer where you spend your time and built advertising portfolios around that information.   

‘If you were to look at somebody’s running routes for instance, they could be very local to where they live or where they work, so you could probably pin that down,’ he said. 

‘You might find swimming records which could be cross referenced to a gym membership. 

‘So even though those records are anonymised, if you knew enough about an individual, you might be able to identify that individual’s records.’

While all such data harvesting is concerning, experts are particularly worried about the rise of period trackers. 

Researchers at Chupadados, a Brazil based cyber security guide, looked at the terms and conditions of more than 200 period tracking apps in 2018. 

They found many of the apps made money by sharing users’ personal information to businesses to target users with specific advertisements. 

And in 2022, an analysis of the 25 most popular menstrual cycle tracker apps in the UK by the Organisation for the Review of Care and Health Apps, a company which assesses health app safety for the NHS, found as many as four out of five apps share users’ personal data with third parties. 

More recently, last September, the Information Commissioner’s Office launched a review of period and fertility tracking apps, after an increasing number of women reported concerns over data security.

It followed a poll, commissioned by the regulator, that revealed women were more worried about how their data was being used (59 per cent) and how secure this data was (57 per cent) than the cost or ease of use of an app. 

The poll also found more than half of women who used the apps experienced an increase in fertility or baby-related adverts after signing up. 

There has also been fears in the US over the data recorded by period tracking apps being used to expose women who have abortions in the wake of Roe v Wade being overturned.

Data being shared from period tracking apps is one of the most concerning, according to experts, due to the sensitive information companies can collect

Data being shared from period tracking apps is one of the most concerning, according to experts, due to the sensitive information companies can collect

Some experts have urged women to delete the apps from their phones or use encrypted versions over fears the data could be accessed by authorities in states which have now criminalised abortions.

Ms Barker-Paton warned users of period apps everywhere, especially free versions, that they could be giving away highly personal, and valuable, data.

‘Remember most if not all period apps have a free version,’ she says. 

‘And even if they charge, the only way companies can afford to provide this at scale… is because of their business model being primarily premised on selling your data. 

‘If you’re not paying for privacy, you’re paying with it.’

Data users could be giving away includes how often they have sex, if they get pregnant and how long their periods typically last.

This combined with other data, such as your location, can be used to ‘tailor advertisements more effectively’, Ms Barker-Paton says. 

She warned this was an example of the ‘surveillance economy’ where data, including that of people’s health, is a commodity to be bought and sold. 

‘It’s crucial for users, especially women, to understand that by using such apps, they might be unwittingly sharing sensitive health information that could be used for commercial purposes,’ she says. 

‘Before using such services, removing personal data from the apps and understanding the privacy implications is advisable.’ 

There is a growing interest in AI with 'many millions are paid for datasets' that are used for training AI models, Mr Whaley warns

There is a growing interest in AI with ‘many millions are paid for datasets’ that are used for training AI models, Mr Whaley warns

But now it’s not just advertising users should be wary of.

Companies also have a growing interest in AI with the datasets used for training such computer programmes worth millions, Mr Whaley warns. 

Such data could, in theory, come from health apps.  

‘There’s a huge interest in AI and training models and this data will be very useful for that. It could be used on mass without exposing an individual’s data,’ he says. 

Mr Whaley says that, while still emerging, if the practice takes root, it could impact everyone.  

For example, he explained that if fitness apps sell this data for insurance purposes, the AI would be trained on data from very physically active people.

This could mean they end up inadvertently discriminating against less active people because their data just isn’t representative, he adds. 

But protecting yourself by reading an app’s term and conditions first can be tricky.

Mr Whaley says the wording many companies use is ‘deliberately vague’, as they want to leave the door open to monetising users’ data at some point.

‘If privacy is a significant concern, individuals should think critically about the necessity of each app and the permissions it requests,’ Ms Barker-Paton says. 

You may also like...