That's the whole point
The whole point of providing a medical app is taking the user's info and selling it to giant corporate a@!#holes. Good luck changing that model.
Folks using healthcare-related Android apps: after you've handed over your private details to that software, do you know where it is sending your data? If you don't, nobody should blame you. It turns out it can be a complicated and obfuscated affair. So much so, eggheads probing the data-sharing practices of mobile health …
At this point, we all understand that if an app has access to data, and the app can communicate out, then that data is going to be sold, right?
I would never use a medical app of any sort for this reason.
"The obvious concern is whether or not people's personal information is being properly scrubbed of any identifying info before it is offered to other organizations and advertisers."
Personally speaking, I don't think doing this makes the situation any better. Same with "anonymization".
Look everyone knows that data is where the money is so we all know that these apps make their money on the back end over the data.
So none of this is shocking.
And while they may 'anonymize' the data... Google knows enough to identify people that have been anonymized.
So there is a clear problem.
I mean suppose you have a blood glucose monitor app for your smart phone.
Google can figure who you are based on your digital footprint and some of the metadata from the app provider.
And then once the data gets to its destination it is decrypted and left in plain text on some cloudy bucket with no password.
A spokesperson will then make an announcement that they "take customers security and privacy very seriously" and that they have "no reason to believe that there was any unauthorized access" and promise to "do better" and "do a thorough review of our systems"
Rinse/Repeat
Are "developers" akin to the getaway drivers involved in robbing a bank or store? Though the driver has not robbed the bank/store themselves, they nevertheless get a hefty sentence once the gang is convicted.
Where the misuse of data is a crime, are the developers fairly considered an accessory? Indeed, without their app the collection of data wouldn't have even occurred (ok, ok, someone somewhere else would have).
In civil matters, how long before developers are routinely named as co-defendants in lawsuits?
* no pun intended.
This post has been deleted by its author