In fact, privacy policies appear rare, and when they do exist, most state that user data will be collected and half warn that medical information will be shared with third parties.
“App developers avoid privacy policies because they want to be able to share health information to advertisers without the knowledge of the users,” Blenner added by email.
One-fifth of smartphone owners had health apps in 2012, and 7% of primary care physicians recommended a health app to their patients, Blenner and colleagues write in their report in JAMA on March 8.
To get a sense of how well patient privacy is protected by apps for managing chronic disease, the research team focused on one common condition—diabetes.
They analyzed 211 apps available for download in Google Play, the online marketplace for the Android operating system that powers about 83% of smart phones worldwide.
Slightly more than half of the apps with privacy policies said they would collect data when the app was used or when people registered for an online account.
Just six of these apps, or 15%, explicitly stated that they would not collect personal information from children.
Sixteen, or 39%, said user data may be used for advertising purposes.
One limitation of the study is that the analysis focused on privacy policies available prior to downloads, not features available within the apps, the authors note. The study also excluded apps made for iPhones.
Even so, the findings likely apply to a wide variety of apps for different types of diseases, said George Annas, director of the Center for Health Law, Ethics and Human Rights at Boston University School of Public Health.
“Most apps want to sell medical information to marketers and are likely to think fewer people would use their app if they knew this,” Annas, who wasn’t involved in the study, said by email.