Mental Health Apps Collecting More Than Personal Data
Mental Health Apps Collect Sensitive User Data Without Consent
Researchers have discovered that 25 popular Android mental health and therapy apps collect sensitive user data, including conversations, without proper consent.
- The study found that every app contains at least one undisclosed tracker, with 68% failing to disclose at least half of the trackers detected within their software.
- Each of the 20 instrumented apps contacted at least one third-party tracking or analytics domain not named in its privacy policy.
- One app embedded 20 trackers without disclosing any of them in its privacy policy.
- 48% of the apps referenced third-party AI providers in their privacy policies, without clearly indicating where user content was processed.
According to the researchers, “companies can infer sensitive details about users through behavioral signals tied to app activity, such as usage frequency, interaction timing, and session patterns.”
The study also found that many apps request extensive access to sensitive device features, including the camera and microphone. In 16 cases, apps requested dangerous permissions without properly disclosing them in their privacy policies.
- Around 80% of the accessible apps require an address during onboarding.
- Nearly half ask mental health screening questions before account creation.
According to the researchers, “this raises concerns about the disclosure of sensitive emotional or psychological information before users have reviewed the company’s privacy practices.”
Deleting data is often difficult: only 28% of the apps offer in-app deletion tools. Most require users to send a request asking the company to remove their information.
The researchers point out that most mental health apps fall outside HIPAA protections, potentially allowing information collected through advertising and analytics systems to circulate through broader commercial data markets with fewer restrictions.
