Privacy International: Diet apps pose privacy risks

Now that it’s summer, many people are busy achieving or maintaining their perfect beach body. Since there are apps for everything, there are also apps to track your diet. You know the apps: you fill in your data, such as your height and weight, and based on that you get a “personal” diet plan.

The researchers from the non-profit Privacy International investigated what apps do with all that data. In their research, they show that diet apps do not always properly protect your data and even share it with third parties.

They focused on BetterMe Meal Plan, Noom, and Vshred apps. Three popular apps whose underlying companies also invest in PPC (Pay-Per-Click) marketing. No wonder the first two apps are the first results on Google when looking up “weight loss”.

The BetterMe MealPlan app starts by asking if you are male or female. He then asks you why you are using the app: losing weight, building muscle or creating healthy habits. Even if losing weight is not your goal, the app will still ask you for your ideal weight and give you a diet plan based on that. The third set of questions is about your body and habits. The app asks about your body type, what you do in a day, what your bad habits are, how much you exercise and so on a whole list of questions. Finally, the app asks for your age, height, weight, and target weight. However, the app always gives the same diet plan, regardless of what data you enter.

The Noom app opens with the question of whether you use the app to work on your fitness or to lose weight. The rest of the questions are the same no matter which targets you selected. You will then be asked to share many demographic characteristics of yourself, such as how old you are, how healthy you are, and what your gender is. In addition, the app asks about specific health risks you might have, such as diabetes or high blood pressure. You will then be asked whether you live in the city or in the countryside, after which you must provide your email address to receive a diet plan.

However, this plan does not stop there. Upon receipt, the app will provide you with a new set of questions to personalize your plan. You answer questions about which diets you have already tried and which events have influenced your weight. In addition, you will be asked about your motivation and how you feel about cognitive behavioural therapy. The last question Noom asks is how much money you want to pay for the first two weeks. After these two weeks, you will be automatically enrolled in a complete two-month plan of $99.

Like BetterMe MealPlan, VShred asks for your gender, age, height, weight, and daily activity first. Based on these answers, VShred will give you the number of calories, carbohydrates, proteins and fats you can have per day. Instead of a personalized diet plan, this app recommends a $57 generic book and content set.

None of the apps use all of your answers to create a personalized diet plan. What is all this obtained data used for?

First up, BetterMe seems to include your answer to gender in their URLs. This means that everyone has access to this information. In their privacy policy, they also say that they share all their data with specific other companies, such as Facebook. Moreover, they state that they also share your data with other “marketing partners” and “measurement partners”.

Noom also shares your data. This app combines your data with your email address to create a personal profile. He also shares all these profiles with the company FullStory. This is a company that provides insight into how consumers interact with the app. Noom also shares your data with other companies to better target their markup. However, the app does not think that sharing your data alone is enough. He also collects other data about you through third parties and then combines it with your Noom data.

Where BetterMe only shares your gender via the URLs, VShred shares all your answers. So all your answers are actually publicly available for the taking. In addition, the state in their privacy statement that they actively share your data with third parties, including the nutritional supplement company SculptNation.

Based on their research, Privacy International submitted Data Subject Access Requests to all three companies. With this they ask the companies to provide insight into what data they collect from their users. After all, the diet apps collect health data , and in Noom’s case also medical information. However, this data is not protected by the Health Insurance Portability and Accountability Act (HIPAA) like your normal medical data. In addition, the apps do not ask for permission to share your data during use.

Only if you actively read the privacy statement yourself, you will find out that they share all this information about you. And even then, it’s not always transparent.

Catch up on more articles here

Follow us on Twitter here

Popular

Must read

MORE ON THIS TOPIC:

Related Posts