In a previous blog, I highlighted the increasing empowerment of end users, whether healthcare workers or patients, with information power tools, delivering powerful new capabilities, but also new privacy and security risks. Health and fitness apps are rapidly proliferating across mainstream app ecosystems, driven by compelling benefits.
A sampling of the Google Play Store for Health and Fitness apps shows a wide spectrum of apps ranging from calorie counters, to workout managers, pregnancy assistants, health managers, mental health apps, dieting apps and more. They are collecting increasing variety and volume of sensitive personal information, and often near realtime, presenting a growing privacy challenge. Many users are concerned about privacy and security on some level. However, many are not sure where the specific privacy risks are, or what alternatives they have to continue to engage while also reducing risks. In this blog I explore specific privacy risks in the app space.
There are many ways one can reduce such privacy risks. Below I explore six of the most practical actions one can take to continue to engage in using these kinds of apps, while also reducing risks.
1. Finding Safer Alternative Apps
2. Configuring Apps for Privacy
Many apps contain settings such as opt-outs that control your privacy cost in using them. They may also have passwords or encryption options. Once you have installed an app be sure to look through settings, be aware of what configuration controls you have, and set them in a way that enables you to use the benefits of the app you want, while avoiding any additional unnecessary privacy cost.
3. Disabling Apps You Still Want, But Use Only Occasionally
Beyond the types of personal info apps collect, privacy cost can also depend on the length of time your personal info is collected. In many cases we use an app only periodically, or rarely. However, many apps have background services that are continuously collecting your personal info. Mainstream operating systems including Android enable you to disable apps you use only occasionally, and have those apps automatically re-activated the next time you use them. For example, to do this in Android use the app manager to find the app you want to disable, then select it and “Force Stop” it. This disable endures through a reboot of the device. Only when you next run the app will it be automatically and seamlessly restarted.
4. Uninstalling Apps You No Longer Use
Most of us have had the experience of trying an app, not using it afterwards, while forgetting to uninstall it. Such apps can have background services that collect your personal info indefinitely, even though you are not actively using them. This not only has a privacy cost, but also consumes storage, CPU, battery, radio bandwidth and so forth. Periodically, perhaps monthly, reviewing the apps you have installed and uninstalling ones you no longer use is highly recommended to reduce you privacy cost and free up your device resources to ensure best performance.
5. Be Careful about the Type of Personal Info You Share, and Who You Share With
The privacy cost of using an app is dependent on what types of personal info you are sharing with it, and gets access to it as a result. Some of this sharing of your personal info automatic, and enabled through the permissions you grant to the app at install time as discussed above. However, much of this is the type of personal info you explicitly opts to share while using the app. Be especially careful of sharing anything that can identify you, be used to contact you, be used to locate you, or information that could be embarrassing or abused in the wrong hands. Any kind of financial or insurance information is also risky as it is highly sought after by hackers since it is easily monetized. Be aware of the audience you are sharing with through the app. For example when posting to social media there is often a choice of the particular forum or group you are sharing with on a post by post basis. Be sure the ones you are sharing with are the ones that have a need to know, and that you want to share with.
6. Pay Your Privacy Savvy Forward
Privacy is not an evenly distributed expertise. As you find value in using these practical approaches to reducing your privacy cost in using apps, pay it forward to your friends, family and colleagues to help them engage and have fun while avoiding privacy intrusions.
What other practical approaches are you using to protect your privacy and security while using apps?
David Houlding, MSc, CISSP, CIPP is a senior privacy researcher with Intel Labs and a frequent blog contributor.
Find him on LinkedIn
Keep up with him on Twitter (@davidhoulding)
Check out his previous posts