Five Things to Consider Before You Download that Health App

Mobile health is changing the face of healthcare around the world, and the apps that align with this movement are multiplying exponentially. But with such explosive growth comes inherent risks, which is why there are a few things you should consider before you download your next health app.

To change things up a bit, I'm digging into my evergreen archives—for topics that are as pertinent today as they were when first published. This one first appeared April 3, 2014.

Oh, the wonder of the health app. It seems that each new day heralds the advent of some new cutting-edge mobile app that promises to conveniently and efficiently lead its users to better health. However, as with most things that seem too-good-to-be-true, these on-the-go tools not only support better health, but can also bring a ream of risks along for the ride.

Industry reports estimate that half a billion people will be using mobile health apps in 2015. Combine this with the fact that the rate of app usage in the GCC is the highest among high-use countries , and a 2012 Symantec study that says that 2 in 5 mobile users in MENA have been victims of cybercrime, and you have a perfect recipe for hacker abuse in the region.

“What many consumers may not realize is exactly how much of their personal and private information is up for grabs should these devices be compromised, lost or stolen. Considering the sensitive nature of data that is accessible from personal mobile devices, consumers need to take some basic, yet easy, precautions to protect it from falling into the wrong hands,” said Tamim Taufiq, Head of Consumer Sales MENA for Symantec.

The reality is that mobile apps - whether related to health needs or not - all have the potential to contain certain hazards.

But with continued popularity trends, app use isn’t going away anytime soon – nor should it. When used judiciously, health apps can be a wonderful addition to your healthcare toolkit – as long as you take a few things into consideration before you click on the license agreement, and tap that download button.

1. Policy limitations

Are you violating company policy? If you’re using the same device to access work files as you are to count your calories, you may be operating outside of company guidelines. Even if you own the device, your company may have restrictions on how you use it if you’re accessing it for both.

As the Bring Your Own Device (BYOD) movement continues to grow, companies are becoming more aware of the risks involved and putting policies in place regarding what you can, and can’t do with your device. BYOD policies often address issues such as how you use your device, what software you install, and the extent of your agreement to maintain certain security measures.

2. Security software

Too many people don’t view mobile devices as the computers that they are. One of the first things a user does with a new laptop or desktop is to install protection software, but unprotected mobile devices are rampant across the globe, especially in countries outside the U.S. – up to 40 percent in some places.

That’s one thing if a user wants to risk his or her personal data – but entirely different if that BYOD is attached to sensitive data within your organization. Since mobile devices are armed with ever-increasing muscle, finding a path into their infrastructures may provide access to all kinds of goodies - including credentials contained in text messages, personal information held in contact lists, and banking accounts accessed through mobile applications.

3. Extent of Permissions

When was the last time you actually read through a license agreement before clicking “I accept”?

Very often, the fine print is laced with language that grants global permissions to sensitive data – like your contact list and other jewels that hackers are just itching to get their hands on. In addition, device manufacturers and mobile app makers themselves may be the issue, if you’ve unknowingly given them permission to share your information with third-party advertisers.

A 2013 study by the Privacy Rights Clearinghouse revealed that even when privacy policies are included with the app, they often don’t describe the extent of risks involved. In fact, this study states that “Consumers should not assume any of their data is private in the mobile app environment – even health data that they consider sensitive.”

4. Malicious Malware

Security experts warn that the installation of third-party software – such as apps - can be dangerous. These unregulated hazards often contain backdoors and other malicious ingredients to compromise systems and obtain access to sensitive information.

Kaspersky Lab discovered over 6,000 samples of mobile malware in 2011 – and within 12 months, that number had jumped to five times that amount. According to Chris Doggett, senior VP, North America,

“Mobile platforms, for a lot of attackers, represent a target-rich environment.”

Noting the increased power-without-protection of mobile devices, Doggett says they’re an attractive opportunity for malware creators and exploiters.

5. Value

In light of the risks involved, it’s important to consider the value of the health apps you’re downloading. Are they just a fun convenience, or do they provide essential tools that are really going to make a difference in your health and lifestyle?

Viewed from a different value perspective, consider that a free download may be less secure than a paid one. Since free apps are counting on advertising dollars instead of paid subscribers to make a profit, it’s a good bet that your private information in free app environments is less secure, and is being shared with others.

Mobile health is a wonderful thing, and the apps that make much of it possible are highly valuable in a number of ways. However, all are not created equal, and some pose significant security risks to your private information – as well as your employer’s, if you’re a company BYODer. But that’s still no reason to turn your back on all that mHealth has to offer.

There’s a lot you can do to protect yourself in this exciting and cutting-edge environment – like researching well to be an informed consumer, understanding the full implications of your mHealth habits, and following the old adage, “Buyer Beware.”  

The nuviun blog is intended to contribute to discussion and stimulate debate on important issues in global digital health. The views are solely those of the author.