Objectives To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy. Design Cross sectional study Setting Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories. Participants Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store: in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps. Main outcome measures Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews. Results 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy. Conclusions This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps.

中文翻译：

---

移动健康和隐私：横断面研究

目的 调查与健康相关的移动应用程序（mHealth 应用程序）是否收集用户数据以及收集哪些用户数据，描述 Google Play 上所有可用移动健康应用程序的隐私行为，并衡量相关的隐私风险。设计横断面研究Setting Health 相关应用程序为Android 移动平台开发，可在澳大利亚Google Play 商店中获得，属于医疗健康和健身类别。参与者 20 991 款移动医疗应用的用户（Google Play 商店中发现的 8074 款医疗和 12 917 款健康与健身应用：与 8468 款基线非移动医疗应用相比，对 15 838 款无需下载或订阅费的应用进行了深入分析. 主要结果测量主要结果是应用程序代码中的数据收集操作和应用程序流量中的数据传输的特征；分析各类用户数据的主要接收者；应用流量中存在广告和跟踪器；审核应用程序隐私政策以及隐私行为与政策的合规性；以及负面应用评论中的投诉分析。结果 88.0% (n=18 472) 的移动医疗应用程序包含可能收集用户数据的代码。3.9% (n=616) 的应用程序在其流量中传输了用户信息。应用程序代码中的大多数数据收集操作和应用程序流量中的数据传输都涉及外部服务提供商（第三方）。排名前 50 的第三方负责应用代码中的大部分数据收集操作和应用流量中的数据传输（68. 0% (2140)，统称）。23.0% (724) 的用户数据传输发生在不安全的通信协议上。28.1% (5903) 的应用程序没有提供隐私政策，而 47.0% (1479) 的用户数据传输符合隐私政策。1.3% (3609) 的用户评论提出了对隐私的担忧。结论 该分析发现移动医疗应用中存在严重的隐私问题和不一致的隐私实践。临床医生应该意识到这些，并在确定移动医疗应用的益处和风险时向患者阐明它们。结论 该分析发现移动医疗应用中存在严重的隐私问题和不一致的隐私实践。临床医生应该意识到这些，并在确定移动医疗应用的益处和风险时向患者阐明它们。结论 该分析发现移动医疗应用中存在严重的隐私问题和不一致的隐私实践。临床医生应该意识到这些，并在确定移动医疗应用的益处和风险时向患者阐明它们。