New York Attorney General Eric T. Schneiderman announced on Friday that the AG's office reached settlements with three mobile application developers who marketed their apps without possessing sufficient information to back up their marketing claims.
There are more than 165,000 mobile apps providing general medical advice and education, a subset of which claim to measure vital signs and other key health indicators using only the user's smartphone. However, these claims have not been proven or given approval by the Food and Drug Administration (FDA). In addition to the misleading claims, the New York Attorney General also cited irresponsible privacy practices as a part of the settlement.
Cardiio and Runtastic both claimed that their apps accurately measured heart rate after vigorous exercise using only the smartphone camera and sensors. However, neither company tested the accuracy with users who had engaged in vigorous exercise. Matis claimed that its app, "My Baby's Beat," could transform a smartphone into a fetal heart monitor and play an unborn baby's heart rate. Matis's app was not an FDA-approved fetal heart monitor and Matis had not conducted any comparison study to a fetal heart monitor, Doppler or other device proven to amplify a fetal heartbeat.
The investigations also revealed several inconsistencies with the published privacy policies and the operation of the applications. For example, Runtastic was found to provide personally identifiable information to third parties and did not disclose this practice to users. The Runtastic app has a "Live Tracking" feature that enables third parties to see the route and other data on the runtastic.com platform. While the published privacy policy stated the feature could be deactivated, the option was not available within the app itself.
Under the settlements, the app developers Cardiio, Runtastic and Matis agreed to:
- pay $30,000 in combined penalties;
- provide additional information regarding the testing of their apps;
- change their ads to keep them from being misleading;
- post noticeable disclaimers on their respective websites informing customers that their apps are neither medical devices nor approved by the FDA;
- make changes to protect the 1,500,000 or so current customers' and new customers' privacy;
- include the requirement of an affirmative consent process when presenting their privacy policies for the apps to clients; and
- disclose the fact that their companies collect and share information that may be personally identifying, potentially including users' GPS locations, unique device identifiers and "de-identified" data that may be used to re-identify specific users.
In a statement, Attorney General Schneiderman said the New York Attorney General's office "will not hesitate to take action against developers that disseminate unfounded information that is both deceptive and potentially harmful to everyday consumers." Application developers need to be aware that in addition to the enforcement of state laws by attorneys general, consumer marketing claims and privacy policies are of significant interest to the Federal Trade Commission.
Application developers should take this opportunity to revisit their marketing claims and privacy policies to ensure they are up to date with current practices.