Free health tracker apps pose a severe privacy risk, security researchers warn.

Developers frequently neglect data protection and, worse, intentionally lure in users with free health gimmicks in order to monetise their data. Other sharp practices uncovered by the researchers include unsecured data transmission and ad tracking.

Experts at the AV-TEST Institute discovered that more than 80 per cent of 60 tested apps lacked a proper privacy policy despite handling unusually sensitive data.

Thousands of health and fitness tracker apps for Android smartphones have been created. Some help users organise and log their exercise regime by counting kilometres run or walked, calories ingested or pulse rate. Others remind patients to take their medicine on time or record high blood pressure alongside various more medical functions.

Apps can motivate users to get more exercise, eat healthier, record and interpret their own body and vital signs, and optimise their own behaviour accordingly. The downside is that that data collected by the apps can be used by advertisers, health insurance providers and other companies.

The 60 apps evaluated by AV-TEST cover a cross section of the eHealth apps offered free of charge in the Google Play store. They included Android programs for diagnosing diseases, search apps for medical information, pharmacies and physicians, and fitness trackers such as apps that monitor vital signs.

eHealth app permissions stray beyond core functionality [Source: AV-TEST blog post screenshot]

In addition to access to the user and device data, many apps also demanded access to photos and other data stored on mobile devices. GPS data as well as device IDs and call information were not infrequently requested, 12 apps demanded direct access to the camera, seven wanted to freely use the microphone, and three even required full telephony functions of the smartphones. Much of the slurped data was irrelevant to the core function of the app, AV-TEST reports.

More details on the research can be found here. ®