Narrowing The Gap Between Privacy Expectations and Reality in Mobile Health

Principal Investigator(s): 
Michael Tschantz

ICSI and St. Mary's College are collaborating on an NSF-funded project that seeks to answer important questions about privacy and security practices in mobile health technologies (mHealth), such as health apps.

Recent years have seen a dramatic rise in mobile apps for health monitoring, a trend accelerated by COVID-19. By collecting and utilizing massive amounts of data, mobile health apps could revolutionize how people monitor their health and how they interact with physicians -- but this revolution could be derailed by unexpected data uses and poor privacy protections scaring away potential users. The investigators will systematically examine the disconnects between consumers’ privacy expectations when interacting with mobile health apps, privacy perspectives and behaviors of health apps’ developers, the privacy protections afforded by the law and relevant privacy policies, and the actual data handling practices of such apps. This research team will address any identified disconnects by demonstrating methods of communicating privacy information to developers and users. The investigators will attempt to better align the practices of mobile health apps with the privacy expectations of consumers by producing policy recommendations, validated user interface artifacts that improve transparency and privacy control mechanisms, practical solutions for monitoring data practices and enforcing privacy regulations, and advice for developers on considering privacy while designing software.

Combining expertise in social sciences, computer security and privacy, natural language processing, and law, the investigators will comprehensively analyze the privacy of mobile health apps. They will learn the app’s actual data practices by studying their sensitive resource usage and communication over the network. The investigators will examine how current privacy laws do and don’t apply to health apps, and compare them with both users’ and developers’ expectations. Their studies of health app users will identify users’ privacy expectations and test the usability of privacy interfaces. Their studies of health app developers will identify their views on privacy and test privacy-promoting development tools. The combination of these studies will point to interventions; develop and test practical interface improvements, development tools, and other interventions for app developers; and develop and disseminate recommendations to address gaps in current policy.