Health apps approved by NHS 'may put users at risk of identity theft'

Experts say apps do not adequately protect personal information

Health apps accredited by the NHS may not be adequately protecting personal information from hackers, a university study has claimed.

Experts in the UK and France subjected 79 health apps listed by the NHS’s ‘Health Apps Library’ to security checks. They found that around a third were sending identifiable information such as passwords and personal details over the internet with no encryption.

Four of the apps were also sending information about health and lifestyle – such as bodyweight – without encryption, leaving it vulnerable to hackers. One in six also sent information to third parties such as advertisers, despite privacy policies not mentioning this could happen.

Kit Huckvale, a PhD researcher in mobile health at Imperial College London, who led the study, said it could not be ruled out that personal information such as bodyweight, entered into an app, could lead to targeted advertising online.

However, he said the greatest risk was of identity theft. “It doesn’t sit within the expectations of privacy that we have in health,” he said.

The researchers, who have not named the apps in question, have alerted NHS Choices, which manages the app library, to their findings. A number of apps are understood to have been removed as a result.

A spokesperson for NHS Choices said: “We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated.  A new, more thorough NHS endorsement model for apps has begun piloting this month.”

Comments