
Privacy threats to mobile health apps: an analysis of data collection practices

dc.contributor.author: Myers, Charles Ethan, author
dc.contributor.author: Ray, Indrakshi, advisor
dc.contributor.author: Ortega, Francisco, committee member
dc.contributor.author: Ray, Indrajit, committee member
dc.contributor.author: Jayasumana, Anura, committee member
dc.date.accessioned: 2025-06-02T15:19:56Z
dc.date.available: 2026-05-28
dc.date.issued: 2025
dc.description.abstract: Users often install mobile health applications (mHealth apps) to improve their health and lifestyle. mHealth apps collect sensitive personal health-related information and may share it with various stakeholders. Many of these mHealth apps that consumers use for their personal lifestyle benefits are not required to be compliant with any regulation, such as the Health Insurance Portability and Accountability Act (HIPAA) or General Data Protection Regulation (GDPR). Our investigation reveals that there is a mismatch between what an app description states about privacy, what permissions it requests from the end user as declared in its manifest file, privacy regulations (GDPR), and what privacy practices are actually enforced by the app. We provide a formal definition of mHealth apps and discuss an automated approach that uses a pre-trained language model to identify and analyze 13,177 mHealth apps from Google Play Store. We identify the ten most common privacy threats in mHealth apps and map them to GDPR policy violations. Privacy violations pertaining to GDPR include the absence of a consent management system, inconsistent permissions with respect to the app description, and sharing personally identifiable information (PII) without consent. Our analysis reveals that only 4.28% had a consent mechanism, over 88% of app network transmissions shared some form of personally identifiable information (PII) without consent, and nearly 83.7% requested permissions from the users without explaining their use cases. Our research has been successful in building automated tools for detecting privacy violations for some, but not all, of the identified threats.
dc.format.medium: born digital
dc.format.medium: masters theses
dc.identifier: Myers_colostate_0053N_18844.pdf
dc.identifier.uri: https://hdl.handle.net/10217/240936
dc.language: English
dc.language.iso: eng
dc.publisher: Colorado State University. Libraries
dc.relation.ispartof: 2020-
dc.rights: Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright.
dc.rights.access: Embargo expires: 05/28/2026.
dc.title: Privacy threats to mobile health apps: an analysis of data collection practices
dc.type: Text
dcterms.embargo.expires: 2026-05-28
dcterms.embargo.terms: 2026-05-28
dcterms.rights.dpla: This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
thesis.degree.discipline: Computer Science
thesis.degree.grantor: Colorado State University
thesis.degree.level: Masters
thesis.degree.name: Master of Science (M.S.)

Files

Original bundle

Name: Myers_colostate_0053N_18844.pdf
Size: 723.28 KB
Format: Adobe Portable Document Format