      Data sharing practices of medicines related apps and the mobile ecosystem: traffic, content, and network analysis

      research-article


          Abstract

          Objectives

          To investigate whether and how user data are shared by top rated medicines related mobile applications (apps) and to characterise privacy risks to app users, both clinicians and consumers.

          Design

          Traffic, content, and network analysis.

          Setting

          Top rated medicines related apps for the Android mobile platform available in the Medical store category of Google Play in the United Kingdom, United States, Canada, and Australia.

          Participants

          24 of 821 apps identified by an app store crawling program. Included apps pertained to medicines information, dispensing, administration, prescribing, or use, and were interactive.

          Interventions

          Laboratory based traffic analysis of each app downloaded onto a smartphone, simulating real world use with four dummy scripts. The app’s baseline traffic related to 28 different types of user data was observed. To identify privacy leaks, one source of user data was modified and deviations in the resulting traffic observed.

          Main outcome measures

          Identities and characterisation of entities directly receiving user data from sampled apps. Secondary content analysis of company websites and privacy policies identified data recipients’ main activities; network analysis characterised their data sharing relations.

          Results

          19/24 (79%) of sampled apps shared user data. 55 unique entities, owned by 46 parent companies, received or processed app user data, including developers and parent companies (first parties) and service providers (third parties). 18 (33%) provided infrastructure related services such as cloud services. 37 (67%) provided services related to the collection and analysis of user data, including analytics or advertising, suggesting heightened privacy risks. Network analysis revealed that first and third parties received a median of 3 (interquartile range 1-6, range 1-24) unique transmissions of user data. Third parties advertised the ability to share user data with 216 “fourth parties”; within this network (n=237), entities had access to a median of 3 (interquartile range 1-11, range 1-140) unique transmissions of user data. Several companies occupied central positions within the network with the ability to aggregate and re-identify user data.

          Conclusions

          Sharing of user data is routine, yet far from transparent. Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent. Privacy regulation should emphasise the accountabilities of those who control and process user data. Developers should disclose all data sharing practices and allow users to choose precisely what data are shared and with whom.
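The differential approach described under Interventions (observe baseline traffic, change one source of user data, look for deviations) can be sketched as follows. This is an added example, not code from the article or its authors; the hosts, parameter names, captured values, and the use of two baseline runs to filter out volatile fields are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def fields(flows):
    """Map (host, parameter) -> set of values seen in (url, body) pairs."""
    seen = {}
    for url, body in flows:
        parts = urlsplit(url)
        for key, value in parse_qsl(parts.query) + parse_qsl(body):
            seen.setdefault((parts.hostname, key), set()).add(value)
    return seen

def leaks(baseline_a, baseline_b, modified):
    """Return {host: [parameters]} that are stable across two baseline runs
    but deviate once a single source of user data has been changed."""
    a, b, m = fields(baseline_a), fields(baseline_b), fields(modified)
    found = {}
    for (host, key), values in a.items():
        # Fields that differ between identical runs are noise (timestamps,
        # nonces) and cannot be attributed to the modified data source.
        stable = b.get((host, key)) == values
        # A parameter absent from the modified run is treated as no evidence.
        if stable and m.get((host, key), values) != values:
            found.setdefault(host, []).append(key)
    return {host: sorted(keys) for host, keys in found.items()}

# Constructed captures: two runs with the same device identifier, then one
# run after only the device identifier was changed on the test phone.
RUN_A = [
    ("https://api.developer.example/sync?ts=1001", "device_id=a1b2&drug=aspirin"),
    ("https://analytics.tracker.example/collect?uid=9f3c&ts=1002", "event=open"),
]
RUN_B = [
    ("https://api.developer.example/sync?ts=2001", "device_id=a1b2&drug=aspirin"),
    ("https://analytics.tracker.example/collect?uid=9f3c&ts=2002", "event=open"),
]
RUN_MODIFIED = [
    ("https://api.developer.example/sync?ts=3001", "device_id=ffff&drug=aspirin"),
    ("https://analytics.tracker.example/collect?uid=07de&ts=3002", "event=open"),
]

if __name__ == "__main__":
    for host, params in leaks(RUN_A, RUN_B, RUN_MODIFIED).items():
        print(host, "receives data derived from the modified source via", params)
```

Because the comparison is on deviation rather than on matching the raw value, the opaque `uid` sent to the third party is still flagged even though it never contains the identifier in clear text.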


                Author and article information

                Contributors
                Role: assistant professor and honorary senior lecturer
                Role: PhD candidate
                Role: senior research fellow
                Role: postdoctoral fellow
                Role: professor
                Role: lecturer in networks and security
                Journal
                The BMJ
                BMJ Publishing Group Ltd.
                ISSN: 0959-8138, 1756-1833
                20 March 2019; 364: l920
                Affiliations
                [1] Faculty of Nursing, University of Toronto, Suite 130, 155 College St, Toronto, ON, Canada, M5T 1P8
                [2] School of Pharmacy, Charles Perkins Centre, The University of Sydney, Sydney, NSW, Australia
                [3] Department of Computer Science, University of California, Santa Barbara, CA, USA
                [4] School of Computer Science, The University of Sydney, Sydney, NSW, Australia
                Author notes
                Correspondence to: Q Grundy quinn.grundy@utoronto.ca (or @quinngrundy on Twitter)
                Author information
                http://orcid.org/0000-0002-7640-8614
                Article
                gruq047637
                10.1136/bmj.l920
                6425456
                30894349
                009c6919-fba1-4a2c-9cb0-4a824ac01b27
                Published by the BMJ Publishing Group Limited. For permission to use (where not already granted under a licence) please go to http://group.bmj.com/group/rights-licensing/permissions

                This is an Open Access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, remix, adapt, build upon this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited and the use is non-commercial. See: http://creativecommons.org/licenses/by-nc/4.0/.

                History
                : 25 February 2019
                Categories
                Research

                Medicine