JMIR Publications

ABSTRACT

Background:

Pulse oximeter apps became of interest to consumers and app users during COVID-19, particularly when traditional over-the-counter pulse oximeter devices became in short supply. Yet, no study to date has examined the privacy implications to engaging in or using pulse oximeter apps that are downloadable to individual mobile devices.

Objective:

This study sought to examine privacy implications, through an assessment of privacy policies, for using top-rated or -downloaded pulse oximeter apps during COVID-19.

Methods:

We reviewed privacy policies for a total of six pulse oximeter apps that had either at least 500 downloads (Google Play Store apps only) or a three out of five-star rating (Apple Store apps only). The privacy policies were reviewed against current privacy best practices for wellness apps: 1) what data is collected, and how is it collected, stored, used, secured, and disclosed; 2) uses of data for advertising (ad); 3) de-identification commitments, 4) whether any covered data will be used or shared for research; 5) users’ options regarding access, correction, or deletion of covered data; 6) under what circumstances covered data is intended to be collected from nonusers; and 7) how the company responds to requests for users’ covered data from federal, state, local, or foreign law and civil enforcement agencies.

Results:

There is variation in both the regulatory nature and data privacy protections offered by pulse oximeter apps, with notable privacy protection limitations and gaps.

Conclusions:

Pulse oximeter app users are highly encouraged to seek professional medical advice before using or relying on pulse oximeter apps. App developers are also encouraged to review and incorporate existing privacy best practices into the design of their apps and development of their privacy policies.