back to article 'Sharing of user data is routine, yet far from transparent' is not what you want to hear about medical apps. But 2019 is gonna 2019

Folks using healthcare-related Android apps: after you've handed over your private details to that software, do you know where it is sending your data? If you don't, nobody should blame you. It turns out it can be a complicated and obfuscated affair. So much so, eggheads probing the data-sharing practices of mobile health …

  1. oldtaku Silver badge
    Unhappy

    That's the whole point

    The whole point of providing a medical app is taking the user's info and selling it to giant corporate a@!#holes. Good luck changing that model.

    1. EVP

      Re: That's the whole point

      Anything else than threat of a prison sentence for CEO of a company amasing and selling sensitive user information won’t work. Maybe not even that.

  2. JohnFen

    Naturally

    At this point, we all understand that if an app has access to data, and the app can communicate out, then that data is going to be sold, right?

    I would never use a medical app of any sort for this reason.

    "The obvious concern is whether or not people's personal information is being properly scrubbed of any identifying info before it is offered to other organizations and advertisers."

    Personally speaking, I don't think doing this makes the situation any better. Same with "anonymization".

  3. ThatOne Silver badge

    This is sick.

    1. JohnFen
      Thumb Up

      I see what you did there!

  4. Ian Michael Gumby

    Data is the new oil...

    Look everyone knows that data is where the money is so we all know that these apps make their money on the back end over the data.

    So none of this is shocking.

    And while they may 'anonymize' the data... Google knows enough to identify people that have been anonymized.

    So there is a clear problem.

    I mean suppose you have a blood glucose monitor app for your smart phone.

    Google can figure who you are based on your digital footprint and some of the metadata from the app provider.

  5. cantankerous swineherd

    why worry about an when your GPs software is ratting on you, eg emis?

    1. JohnFen

      It is worthwhile to reduce your data exposure as much as you can even if you can't reduce it to zero. Not to mention that your phone knows lots of things about you that your physician does not.

  6. Anonymous Coward
    Anonymous Coward

    One silver lining is that most of the programs encrypted this data while in transit

    And then once the data gets to its destination it is decrypted and left in plain text on some cloudy bucket with no password.

    A spokesperson will then make an announcement that they "take customers security and privacy very seriously" and that they have "no reason to believe that there was any unauthorized access" and promise to "do better" and "do a thorough review of our systems"

    Rinse/Repeat

    1. Alister

      Re: One silver lining is that most of the programs encrypted this data while in transit

      I see you work in PR for Facebook then... :)

      1. MrDamage Silver badge

        Re: One silver lining is that most of the programs encrypted this data while in transit

        WeDidNotStoreOurUsersPasswordsInPlainText.txt

    2. Chris G

      Re: One silver lining is that most of the programs encrypted this data while in transit

      I suspect the main reason for encryption is to protect their data not yours, once your data is in their hands it's a part of the product fr sale, so they don't want to lose it in transit.

  7. The Nazz

    The getaway drivers* of IT?

    Are "developers" akin to the getaway drivers involved in robbing a bank or store? Though the driver has not robbed the bank/store themselves, they nevertheless get a hefty sentence once the gang is convicted.

    Where the misuse of data is a crime, are the developers fairly considered an accessory? Indeed, without their app the collection of data wouldn't have even occurred (ok, ok, someone somewhere else would have).

    In civil matters, how long before developers are routinely named as co-defendants in lawsuits?

    * no pun intended.

  8. Anonymous Coward
    Anonymous Coward

    I'll just drop this here then...

    https://www.bleepingcomputer.com/news/security/2-million-emails-of-350k-clients-possibly-exposed-in-oregon-dhs-data-breach/

    1. This post has been deleted by its author

  9. Updraft102

    It slings deets?

    Does this mean these phones repel mosquitoes?

  10. mptBrain

    Shouldn't Alphabet and Facebook be listed under the Marketing sector instead of Technology?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like