Asim BN reports:
A new investigation by researchers at the University of Bremen has revealed how some of the most popular mobile health apps handle sensitive information in ways that raise questions about transparency and user control. The findings suggest that several apps transmit personal data before users have a chance to give consent, showing gaps between what companies claim in their privacy statements and what their software actually does.
The research, presented at the European Symposium on Research in Computer Security 2025, combined technical, legal, and design-based approaches to understand how digital health tools process personal information. The team examined twenty health and fitness applications commonly used in Germany. These apps, which track activities such as exercise, medication intake, and menstrual cycles, often deal with highly personal medical data.
To measure real behavior, the researchers analyzed both static and dynamic data flows and reviewed privacy policies and consent screens. Their investigation revealed that many applications sent data such as advertising identifiers to external servers even before consent was granted. All tested apps shared information with destinations outside the European Union, mainly in the United States. Some data was also routed to servers in Ireland, China, Sweden, Singapore, and Australia, reflecting how dispersed health data transmission has become.
The study also exposed manipulative design practices that can pressure users into accepting terms quickly. Every app in the sample contained at least one form of deceptive interface design that guided users toward broad consent. In many cases, these patterns made it difficult for people to understand what they were agreeing to or to locate options for limited data use.
Read more at Digital Information World.