Accepted for/Published in: JMIR Diabetes
Date Submitted: Sep 18, 2019
Open Peer Review Period: Sep 18, 2019 - Nov 13, 2019
Date Accepted: Jul 29, 2020
(closed for review but you can still tweet)
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Using a web scraper to assess the level of privacy of diabetes mobile applications
ABSTRACT
Background:
Mobile health has become a major channel for the support of people living with diabetes. Accordingly, the availability of diabetes mobile apps has been steadily increasing. Most of the previous reviews of diabetes apps have focused on the apps’ features and their alignment with clinical guidelines. However, there is a lack of knowledge on the actual compliance of diabetes apps with privacy and data security aspects.
Objective:
The aim of this study was to assess the level of privacy of diabetes mobile applications to contribute to raising the awareness of final users, developers and data-protection governmental regulators towards privacy issues.
Methods:
A web scraper capable of retrieving Android apps’ privacy-related information, particularly the dangerous permissions required by the apps, was developed with the aim of analyzing privacy aspects related to diabetes apps. Following the research selection criteria, the original 882 apps were narrowed down to 497 apps, which were finally included in the analysis.
Results:
60% of diabetes apps may request dangerous permissions, which poses a significant risk for the users’ data privacy. In addition, 30% of the apps do not return their privacy policy website. Moreover, it was found that 40% of apps contain advertising, and that some apps that declared not to contain it actually had ads. 95.4% of the apps were free of cost, and those belonging to the Medical and Health and Fitness categories were the most popular. However, final users do not always realize that the free-apps’ business model is largely based on advertising, and consequently, on sharing or selling their private data, either directly or indirectly, to unknown third-parties.
Conclusions:
The aforementioned findings unquestionably confirm the necessity to educate users and raise their awareness regarding diabetes apps privacy aspects. For this purpose, this research recommends properly and comprehensively training users, ensuring that governments and regulatory bodies enforce strict data protection laws, devising much tougher security policies and protocols in Android and in the Google Play Store, and the implication and supervision of all stakeholders in the apps’ development process.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.