Privacy concerns with some health, fitness apps

Avid cyclist Matt DeMargel pedaled his way to losing 30 pounds.  He credits health and fitness apps for helping him get there.

"The apps have been very critical in helping me achieve my goals," he said.

Recommended Videos



DeMargel enters his height, weight, everything he eats, and how much he exercises into one app.   He uses another to track each bike ride. 

But DeMargel realizes he's not the only one watching his progress.  Research by privacy technology company Evidon found many popular health, wellness and fitness apps share your data with third parties.

"I've made a choice that being that this was going to help me from a health perspective, that I would take the privacy risk," said DeMargel.

How big of a risk could you be taking?  If apps are used to transmit information to your doctor, pharmacy or any health care plan or provider, that data is confidential.  It's protected under strict federal health information privacy laws.  But if HIPAA doesn't apply, then it's up to each app to disclose its privacy policy.  

A study by Privacy Rights Clearinghouse reveals more than a third of apps it reviewed sent data to parties it didn't disclose. 

"I think that's troubling," said Cora Tung Han with the Federal Trade Commission. "In the health and fitness context, where consumers are used to thinking about sharing their information in the traditional provider context, I think they might be surprised about the collection of information that's happening."

The same study found a majority of apps sent data over unencrypted connections.   The FTC is on the case.

"We are watching," said Tung Han.

The FTC warns app providers need to let users know exactly who's watching their every ride,  tracking their pregnancy or their blood pressure.

"We do look at whether or not apps are honoring what they say in their privacy policies, and also whether or not they are living up to what they say to consumers in the app itself about what they're doing with their information," added Tung Han.

The Application Developer's Alliance says it encourages app makers to be upfront about data collection.   And the organization was quite up front with us: admitting targeted ads are a significant reason for sharing info and a significant source of revenue in the industry.   

"So, if you have high blood pressure and you are telling the app, 'I have high blood pressure', you should expect you're going to get advertisements for high blood pressure medicine," explained Jon Potter with the Application Developers Alliance.

DeMargel says despite the risk of data sharing and unclear privacy policies, he's not putting the brakes on his beloved apps anytime soon.   He just follows his own rules of the road, which experts agree is a good way of gauging if an app is right for you. 

"I just make sure if it's out there it's something I'm comfortable with the whole world knowing," he said.

Experts advise if you can find an apps policy, be sure to read it carefully and make sure you feel comfortable with it.  

Read more about the FTC recommending app developers offer a "Do Not Track" program, similar to the one that exists for web browsing