A study in the British Medical Journal that looked at 24 of the 100s of Medical apps available on Google Play found that 79% pass all sorts of user info — including sensitive medical info like what your reported symptoms are and what medications you are taking in some cases — on to third and fourth parties. A German-made and apparently very popular medical app named Ada was found to share user data with trackers like Facebook, Adjust and Amplitude for example. [Click here for the article in German.] The New York Times also warned recently about apps that want to retrieve/store your medical records.
From the conclusion of the study: “19/24 (79%) of sampled apps shared user data. 55 unique entities, owned by 46 parent companies, received or processed app user data, including developers and parent companies (first parties) and service providers (third parties). 18 (33%) provided infrastructure related services such as cloud services. 37 (67%) provided services related to the collection and analysis of user data, including analytics or advertising, suggesting heightened privacy risks. Network analysis revealed that first and third parties received a median of 3 (interquartile range 1-6, range 1-24) unique transmissions of user data. Third parties advertised the ability to share user data with 216 “fourth parties”; within this network (n=237), entities had access to a median of 3 (interquartile range 1-11, range 1-140) unique transmissions of user data. Several companies occupied central positions within the network with the ability to aggregate and re-identify user data.”