How Mobile Health Apps Threaten Our Privacy?

Yıl 2025, Sayı: 14, 160 - 190, 27.06.2025

Murat Uluk

https://doi.org/10.56676/kiad.1549707

https://izlik.org/JA93XB44CZ

Öz

Health data consists of highly sensitive data about individuals’ mental and physical states. In addition to disease diagnoses, test results, and medical reports, health data include blood pressure, heart rate, sleep pattern, and daily activities. Many apps are available in mobile app stores for individuals to track, control, and manage their health. However, there is a lack of information about how these apps collect and process sensitive data and respect user privacy. Based on this, the study analyzed the 20 most popular mobile health apps on Google Play in Türkiye. The study examined which third-party trackers are included in the apps, what permissions they request from user devices, and how these are addressed in their privacy policies. The research was conducted between March 22 and March 29, 2024. The data demonstrate that foreign companies owned 75% of the apps, and all apps had 153 trackers. Each app had at least two different third-party trackers, with a high concentration of trackers belonging to Google and Meta. Most trackers were used for advertising and analytical purposes. The apps requested between a minimum of 9 and a maximum of 83 permissions to access specific features or data from the devices on which they were installed. 19 apps requested at least one permission labeled as special/dangerous. Although all the apps are available in Turkish, half have privacy policies only in English. Three apps had no policy, and seven apps had a Turkish policy. Turkish policies rarely mention the third-party trackers in the apps and the permissions they request. The readability of English policies is at least at the level of high school graduates and/or university students. This study analyses practices in the monitoring of one’s own health with a focus on privacy and reveals shortcomings in the field. Ensuring privacy is expected to contribute to private life and individual freedom.

Anahtar Kelimeler

health data , privacy , mobile apps , third-party trackers

Mobil Sağlık Uygulamaları Mahremiyetimizi Nasıl Tehdit Ediyor?

https://izlik.org/JA93XB44CZ

Öz

Sağlık verileri, bireylerin zihinsel ve fiziksel durumlarına ilişkin son derece hassas verilerden oluşur. Hastalıklar, tahlil sonuçları ve sağlık raporları gibi verilerin yanı sıra tansiyon, nabız, uyku düzeni ve gündelik aktiviteler de sağlık verileri arasında yer almaktadır. Mobil uygulama mağazalarında bireylerin sağlık durumunu takip etme, kontrol etme ve yönetmeleri için birçok uygulama bulunmaktadır. Hassas veriler toplayan ve işleyen bu uygulamaların kullanıcı mahremiyetine ne denli saygı duyarak süreci yürüttükleri hakkında bilgi eksikliği söz konusudur. Çalışma, Türkiye’deki Google Play mağazasında en popüler 20 mobil sağlık uygulamasının hangi üçüncü taraf izleyiciler barındırdıklarını, kullanıcı cihazlarından hangi izinleri talep ettiklerini ve gizlilik sözleşmelerinde bunları nasıl ele aldıklarını incelemiştir. Araştırma, 22 Mart – 29 Mart 2024 tarihleri arasında gerçekleşmiştir. Elde edilen veriler, uygulamaların %75’inin yabancı şirketlere ait olduğunu ve tüm uygulamalarda toplam 153 izleyicinin olduğunu göstermektedir. Tüm uygulamalarda en az iki farklı üçüncü taraf izleyici yer alırken, Google ve Meta’ya ait izleyicilerin yoğunluğu dikkat çekmektedir. İzleyicilerin büyük çoğunluğu reklam ve analitik amaçlar için kullanılmaktadır. Yüklendikleri cihazlardan belirli özellik veya verilere erişmek için en çok 83, en az 9 izin istenmiştir. 19 uygulama en az bir özel/tehlikeli olarak etiketlenen izin istenmiştir. Uygulamaların hepsi Türkçe olmasına rağmen yarısının gizlilik sözleşmesi İngilizcedir. 3 uygulamanın sözleşmesi hiç yoktur, 7 uygulamanın sözleşmesi Türkçedir. Türkçe sözleşmelerde uygulamaların sahip olduğu izleyiciler ve talep ettikleri izinler nadiren yer almaktadır. İngilizce sözleşmelerin okunabilirlik seviyesi en az lise mezunu ve/veya üniversite öğrencisi seviyesindedir. Çalışma, sağlık alanındaki uygulamaları mahremiyet odaklı çözümleyerek alandaki eksikleri ortaya çıkarmaktadır. Bu alanda mahremiyetin sağlanmasının özel yaşama ve bireysel özgürlüklere katkı sağlaması beklenmektedir.

Anahtar Kelimeler

sağlık verileri , mahremiyet , mobil uygulamalar , üçüncü taraf izleyiciler

Kaynakça

• Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514. https://doi.org/10.1126/science.aaa1465
• Acquisti, A., Taylor, C., & Wagman, L. (2016). The economics of privacy. Journal of Economic Literature, 54(2), 442–492. https://doi.org/10.1257/jel.54.2.442
• Lukács, A. (2016). What is privacy? The history and definition of privacy. (Yayımlanmamış çalışma). https://api.semanticscholar.org/CorpusID:190478776
• Berelson, B. (1952). Content analysis in communication research. Free Press.
• Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., & Shadbolt, N. (2018). Third-party tracking in the mobile ecosystem. H. Akkermans & K. Fontaine (Ed.), Proceedings of the 10th ACM Conference on Web Science içinde (s. 23–31). Association for Computing Machinery. https://doi.org/10.1145/3201064.3201089
• Bloustein, E. J. (1964). Privacy as an aspect of human dignity: An answer to Dean Prosser. New York University, School of Law.
• Ceci, L. (2024, 19 Ocak). Google Play Store: Number of apps 2023. Statista. https://www.statista.com/statistics/266210/number-of-available-applications-in-the-google-play-store
• DeBrabander, F. (2020). Life after privacy: Reclaiming democracy in a surveillance society. Cambridge University Press.
• Dolgun, U. (2015). Şeffaf hapishane yahut gözetim toplumu (3. bs). Ötüken Neşriyat.
• Fry, H. (2019). Merhaba dünya (İ. Çıgay Güneş, Çev.). Hep Kitap.
• Hartmann, T. (2022). The hidden history of Big Brother in America: How the death of privacy and the rise of surveillance threaten us and our democracy. Berrett-Koehler Publishers.
• Hern, A. (2018, 28 Ocak). Fitness tracking app Strava gives away the location of secret US Army bases. The Guardian. https://www.theguardian.com/world/ 2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases 4o
• Hidaka, S., Kobuki, S., Watanabe, M., & Seaborn, K. (2023). Linguistic dead-ends and alphabet soup: Finding dark patterns in Japanese apps. A. Schmidt, K. Väänänen, T. Goyal, P. O. Kristensson, A. Peters, S. Mueller, J. R. Williamson & M. L. Wilson (Ed.), Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems içinde (s. 1–13). Association for Computing Machinery. https://doi.org/10.1145/3544548.3580942
• Ibdah, D., Lachtar, N., Raparthi, S. M., & Bacha, A. (2021). “Why should I read the privacy policy, I just need the service”: A study on attitudes and perceptions toward privacy policies. IEEE Access, 9, 166465–166487. https://doi.org/10.1109/ACCESS.2021.3130086
• Iqbal, M. (2024, 24 Ocak). App download data (2024). Business of Apps. https://www.businessofapps.com/data/app-statistics/
• Keegan, J., & Eastwood, J. (2023, 8 Haziran). From “heavy purchasers” of pregnancy tests to the depression-prone: We found 650,000 ways advertisers label you. The Markup. https://themarkup.org/privacy/2023/06/08/from-heavy-purchasers-of-pregnancy-tests-to-the-depression-prone-we-found-650000-ways-advertisers-label-you
• Kern, M., & Sametinger, J. (2012). Permission tracking in Android. J. L. Mauri & P. Lorenz (Ed.), Proceedings of UBICOMM 2012 – The 6th International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies içinde (s. 148-155). IARIA. https://doi.org/10.13140/RG.2.1.4353.5764
• Kim, J. (2023). Data brokers and the sale of Americans’ mental health data. Duke University, Sanford School of Public Policy. https://techpolicy.sanford.duke.edu/data-brokers-and-the-sale-of-americans-mental-health-data/
• Knight, T. (2021). Data ownership: Legalities concerning wearable technologies. D. Sen & R. Ahmed (Ed.), Privacy concerns surrounding personal information sharing on health and fitness mobile apps içinde (s. 60–82). IGI Global.
• Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & Security, 64, 122–134. https://doi.org/10.1016/j.cose.2015.07.002
• Kollnig, K. (2021). Tracking in apps’ privacy policies. arXiv. https://doi.org/10.48550/arXiv.2111.07860
• Kollnig, K., Binns, R., Van Kleek, M., Zhao, J., Lyngs, U., Tinsman, C., & Shadbolt, N. (2021). Before and after GDPR: Tracking in mobile apps. Internet Policy Review, 10(4). https://doi.org/10.14763/2021.4.1611
• Lauer, J. (2012). Surveillance history and the history of new media: An evidential paradigm. New Media & Society, 14(4), 566–582. https://doi.org/10.1177/1461444811420986
• Lokke, E. (2018). Mahremiyet: Dijital toplumda özel hayat (D. Başak, Çev.). Koç Üniversitesi Yayınları.
• Lynch, M. P. (2016). The internet of us: Knowing more and understanding less in the age of big data. W. W. Norton & Company.
• Metzger, M. J., Suh, J. J., Reid, S., & Abbadi, A. E. (2021). What can fitness apps teach us about group privacy? D. Sen & R. Ahmed (Ed.), Privacy concerns surrounding personal information sharing on health and fitness mobile apps içinde (s. 1–30). IGI Global.
• Neuman, W. L. (2014). Toplumsal araştırma yöntemleri (S. Özge, Çev.; 7. bs., Cilt 1). Yayınodası Yayıncılık.
• Paci, F., Pizzoli, J., & Zannone, N. (2023). A comprehensive study on third-party user tracking in mobile applications. Proceedings of the 18th International Conference on Availability, Reliability and Security içinde (s. 1–8). Association for Computing Machinery. https://doi.org/10.1145/3600160.3605079
• Privacy International. (2019). Your mental health for sale: How websites about depression share data with advertisers and leak depression test results. https://privacyinternational.org/campaigns/your-mental-health-sale
• Qayyum, H., Salman, M., Sentana, I. W. B., Nguyen, D. L. G., Ikram, M., Tyson, G., & Kaafar, M. A. (2022). A first look at Android apps’ third-party resources loading. X. Yuan, G. Bai, C. Alcaraz & S. Majumdar (Ed.), Network and system security: NSS 2022. Lecture notes in computer science içinde (s. 193–203). Springer. https://doi.org/10.1007/978-3-031-23020-2_11
• Raymond, E. (2001). The cathedral & the bazaar: Musings on Linux and open source by an accidental revolutionary. O’Reilly Media.
• Razaghpanah, A., Nithyanand, R., Vallina-Rodriguez, N., Sundaresan, S., Allman, M., Kreibich, C., & Gill, P. (2018). Apps, trackers, privacy, and regulators: A global study of the mobile tracking ecosystem. Proceedings of the Network and Distributed Systems Security (NDSS) Symposium 2018 içinde (s. 1–15). DBLP. http://dx.doi.org/10.14722/ndss.2018.23353
• Robb, D. (2017, 1 Kasım). Building the global heatmap. Strava Engineering. https://medium.com/strava-engineering/the-global-heatmap-now-6x-hotter-23fc01d301de
• Ruser, N. [@nrg8000]. (2018, 27 Ocak). Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option)… [Tweet]. X. https://x.com/nrg8000/status/957318498102865920
• Sathyanarayana, A., Joty, S., Fernandez-Luque, L., Ofli, F., Srivastava, J., Elmagarmid, A., Arora, T., & Taheri, S. (2016). Sleep quality prediction from wearable data using deep learning. JMIR mHealth and uHealth, 4(4), e125. https://doi.org/10.2196/mhealth.6562
• Schechner, S., & Secada, M. (2019, 22 Şubat). You give apps sensitive personal information. Then they tell Facebook. The Wall Street Journal. https://www.wsj.com/articles/you-give-apps-sensitive-personal-information-then-they-tell-facebook-11550851636
• Sherwani, S. I., & Bates, B. R. (2021). Role of wearable technology and fitness apps in obesity and diabetes: Privacy, ownership, and portability of data. D. Sen & R. Ahmed (Ed.), Privacy concerns surrounding personal information sharing on health and fitness mobile apps içinde (s. 31–59). IGI Global.
• Solove, D. J. (2002). Conceptualizing privacy. California Law Review, 90(4), 1087–1155. https://doi.org/10.2307/3481326
• Solove, D. J. (2011). Nothing to hide: The false tradeoff between privacy and security. Yale University Press.
• Statista. (2024). App—worldwide | statista market forecast. https://www.statista.com/outlook/amo/app/worldwide
• Stevens, R., Gibler, C., Crussell, J., Erickson, J., & Chen, H. (2012). Investigating user privacy in Android ad libraries. Proceedings of the 1st Workshop on Mobile Security Technologies (MoST 2012) içinde (s. 195–197). IEEE Computer Society. https://www.cs.ucdavis.edu/~hchen/paper/most2012ad.pdf
• Strömholm, S. (1967). Right of privacy and rights of the personality: A comparative study. P.A. Norstedt & Söners Förlag.
• Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5), 193-220. https://doi.org/10.2307/1321160
• Yu, L., Luo, X., Chen, J., Zhou, H., Zhang, T., Chang, H., & Leung, H. K. N. (2021). PPChecker: Towards accessing the trustworthiness of Android apps’ privacy policies. IEEE Transactions on Software Engineering, 47(2), 221–242. https://doi.org/10.1109/TSE.2018.2886875
• Zippia. (2023, 20 Mart). 40 fascinating mobile app industry statistics [2023]: The success of mobile apps in the U.S. https://www.zippia.com/advice/mobile-app-industry-statistics
• Zuboff, S. (2019). The age of surveillance capitalism: The fight for a human future at the new frontier of power. PublicAffairs.