Assessing the Privacy of mHealth Apps for Self-Tracking: Heuristic Evaluation Approach

There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

Abstract

Background The recent proliferation of self-tracking technologies has allowed individuals to generate significant quantities of data about their lifestyle. These data can be used to support health interventions and monitor outcomes. However, these data are often stored and processed by vendors who have commercial motivations, and thus, they may not be treated with the sensitivity with which other medical data are treated. As sensors and apps that enable self-tracking continue to become more sophisticated, the privacy implications become more severe in turn. However, methods for systematically identifying privacy issues in such apps are currently lacking. Objective The objective of our study was to understand how current mass-market apps perform with respect to privacy. We did this by introducing a set of heuristics for evaluating privacy characteristics of self-tracking services. Methods Using our heuristics, we conducted an analysis of 64 popular self-tracking services to determine the extent to which the services satisfy various dimensions of privacy. We then used descriptive statistics and statistical models to explore whether any particular categories of an app perform better than others in terms of privacy. Results We found that the majority of services examined failed to provide users with full access to their own data, did not acquire sufficient consent for the use of the data, or inadequately extended controls over disclosures to third parties. Furthermore, the type of app, in terms of the category of data collected, was not a useful predictor of its privacy. However, we found that apps that collected health-related data (eg, exercise and weight) performed worse for privacy than those designed for other types of self-tracking. Conclusions Our study draws attention to the poor performance of current self-tracking technologies in terms of privacy, motivating the need for standards that can ensure that future self-tracking apps are stronger with respect to upholding users’ privacy. Our heuristic evaluation method supports the retrospective evaluation of privacy in self-tracking apps and can be used as a prescriptive framework to achieve privacy-by-design in future apps.

Related collections

Most cited references 35

Record: found
Abstract: not found
Conference Proceedings: not found

Heuristic evaluation of user interfaces

Jakob Nielsen, Rolf Molich (1990)

0 comments Cited 188 times – based on 0 reviews

Bookmark

Record: found
Abstract: found
Article: not found

Patient compliance with paper and electronic diaries.

Joan Broderick, Roslyn Stone, Saul Shiffman … (2003)

Paper diaries are commonly used in health care and clinical research to assess patient experiences. There is concern that patients do not comply with diary protocols, possibly invalidating the benefit of diary data. Compliance with paper diaries was examined with a paper diary and with an electronic diary that incorporated compliance-enhancing features. Participants were chronic pain patients and they were assigned to use either a paper diary instrumented to track diary use or an electronic diary that time-stamped entries. Participants were instructed to make three pain entries per day at predetermined times for 21 consecutive days. Primary outcome measures were reported vs actual compliance with paper diaries and actual compliance with paper diaries (defined by comparing the written times and the electronically-recorded times of diary use). Actual compliance was recorded by the electronic diary. Participants submitted diary cards corresponding to 90% of assigned times (+/-15 min). However, electronic records indicated that actual compliance was only 11%, indicating a high level of faked compliance. On 32% of all study days the paper diary binder was not opened, yet reported compliance for these days exceeded 90%. For the electronic diary, the actual compliance rate was 94%. In summary, participants with chronic pain enrolled in a study for research were not compliant with paper diaries but were compliant with an electronic diary with enhanced compliance features. The findings call into question the use of paper diaries and suggest that electronic diaries with compliance-enhancing features are a more effective way of collecting diary information.