Publication & Articles 2018

HOME > Publication & Articles 2018


Smartphone App Marketplace as Privacy Gatekeepers: Protecting Personal Data One App at a Time [Volume 8 – 2018]

31 January 2018

Antonio Formacion
Smartphone App Marketplace as Privacy Gatekeepers:
Protecting Personal Data One App at a Time
This paper is part of the output from the research “Legal and Policy-Informatics Analyses on ‘Right to Be Forgotten’” funded by the Research Grant-in-Aid of the KDDI Foundation.

1. Introduction

Japan is a very connected country, reaching a high of 103.89 million internet users in 2017[i]. Moreover, more than half this number access online services for general information, social media connection, entertainment, news, financial transactions, gps-functionaility, and other online services, conveniently through the myriad of apps installed in their smartphones, apps purchased and downloaded through the app Marketplace, the Play Store for the Android ecosystem and the App Store of the iOS ecosystem. As more and more people in Japan rely on online services for their daily lives, private companies, through their apps’ Terms of Service (TOS) and privacy policies are granted the right to collect and process vast amount of personal information about their users. Personal information (name, email, address, phone number, location, and financial data among others) as well as non-personal data through the users’ interaction with these online services are constantly being collected.

This paper focuses on the state of privacy policies of popular medical and lifestyle apps[ii] available in Japan. Imbued with the capability to measure and analyze active body movements both during rest (sleeping) and in motion (walking or running), track location, collect activity and search histories, measure nutritional intakes, monitor heart rates, record sensitive medical conditions, capture images, and even dispense health recommendations, from users using a smartphone or after pairing the same with an additional wearable gadget such as a smartwatch.[iii]

In the new age of data, the ability and usefulness of using smartphones to benefit our health and fitness, should be balanced with valid privacy concerns over the personal data of the end-users. When personal data is growing more important and generally touted as the new currency of the new information age, proper education and protection should be more than an afterthought in doing business. How could an owner of the latest iPhone or Galaxy smartphone ensure that his or her legal right to privacy will be respected? No other object has captured our personal data as much as the smartphone through the apps that we ourselves choose to install, this is especially true in Japan where smartphone penetration is tagged at 48% or 60.48 million out of a total population of 127 million[iv]. With the raising awareness to the importance or personal data and the growing usage of health and fitness apps, the demand to protect privacy rights and to guarantee that the collection, storage, management, and analysis of personal healthcare data of the individual users should be foremost in the minds of not only the app makers themselves, but also for the companies that control the app marketplaces.

These app marketplaces have a very big economic incentive to preserve the trust of the smartphone users and the general public in its ability to safeguard their interests, particularly of their personal information. 2016 saw the iOS App Store generate over $26.5 billion for the developers, which translates to an approximate $11.5 billion in revenue for Apple.[v] Google on the other hand was estimated to have generated about $15 billion for the developers, earning for itself a not insignificant amount in revenue. 2017 was even a bigger year for both Marketplaces, jointly earning an estimated $58.6 billion in apps sales[vi]. These are all impressive numbers that are further projected to continue to increase at a rapid rate through the next few years. Though the great majority of the revenue of the App Store and the Play Store comes from gaming and entertainment apps, with healthcare apps only contributing a very small part, much is at stake if the trust of the users is ruined due to privacy concerns. The potential of a “moral panic” scenario for personal data protection in suing these apps would could prove disastrous for the whole industry.

2. Privacy as a right

What is Privacy? Warren and Brandeis, in their seminal article on “The Right to Privacy”[vii] defined it as the “right to be let alone”[viii], a favorite quote for many students of privacy law, and the traditional definition of privacy for the past hundred years. However, equating the right to privacy to that of being let alone is overly simplistic in today’s world. This concept is unfortunately limited by its own era, one that is no longer in touch with the challenges and realities of today. The above-mentioned article was a reaction to the lifestyle threat from new enterprises started by a new type of journalism (tabloids or yellow journalism as it was known in that era) and the technological breakthrough of new gadgets such as Kodak’s new portable cameras that threatened to shout from the rooftops those that were whispered in the closet[ix]. The society when “The Right to Privacy” was published was then undergoing a massive cultural transformation, similar to what we are currently experiencing today in terms of how information is collected and spread. Perhaps, in a perfect world where everybody have insight to all the possible ramifications for one’s every action, and threat to privacy is more of an external threat, the right to be simply let alone could very well be adequate in protecting the private details of our lives, essential in affording us the “right to enjoy life”.

The right to privacy in Japan as embodied as the “right to pursue happiness” can be seen as instilled in its 1947 Constitution that states:

[a]ll of the people shall be respected as individuals. The right to life, liberty, and the pursuit of happiness shall, to the extent that it does not interfere with the public welfare, be the supreme consideration in legislation and in other governmental affairs.

This legal right was first recognized by the courts through ruling of the Tokyo District Court in 1964[x] and the eventual ruling in the Supreme Court in 1969[xi]. Indeed, privacy is an issue that is treated of great importance in Japan.


The Personal Information Protection Act (Law No. 57 of 2003) of Japan was promulgated on May 23, 2003 and became fully effective on April 1, 2005. The Act aims to “protect the rights and interests of individuals while taking consideration of the usefulness of personal information, in view of a remarkable increase in the use of personal information due to development of the advanced information and communications society” (Article 1). This Act has since been revised and strengthened (in 2017) to reflect on more recent realities that not only seeks to safeguard personal data, but also to find ways on how data can be managed and utilized without sacrificing an individual’s privacy.

Hence, it is of vital interest to find out how smartphone healthcare apps, dealing with personal information, that are readily available in Japan through the local Android Play Store and iOS App Store, inform customers of their privacy policies.

3. Scope of the study

The objectives of this paper are three-fold. First, the paper will show the presence (or absence) of privacy policies in the most popular healthcare apps available for the Android and iOS smartphone devices[xii]. This will help assess the current state from the most basic privacy protection afforded by the healthcare apps, which comes from the knowledge of how these healthcare apps deal with personal information.[xiii]. Secondly, the paper will provide and overview of the usefulness of the existing privacy policies viewed from the user-level perspective. Third, to argue various ways to improve on the existing level of personal data protection of these healthcare apps.

The paper is based on a study that looked into the privacy policy of the most popular healthcare apps from both the Apple App Store for iOS devices and the Play Store for Android devices in the Japanese marketplace for the year 2017.[xiv] Though it is recognized that there are other operating systems available to the modern smartphones[xv], recent market studies show that 99.6% of the smartphones currently in use are of the iOS or Android variety[xvi]. By covering the 2 major app marketplaces, only a minuscule .4% of the total smartphone population will be exempted from the study.[xvii]

Furthermore, though it is technically possible to side-load Android apps, those too would not be included, focusing only on the apps that users of an Android device smartphone can access through the official Play Store. The same is true for the jailbroken iPhones, which enables the users of iOS device smartphones to access private third-party apps not approved and available in the official App Store, were also not considered for the purposes of the study.

3.1. Timeliness of the study

The data on the Marketplaces and apps involved in the study were collected on 1 September 2017. It is understood that changes in the app Marketplaces of the Android Play Store and iOS App Store, as well as the individual apps may have occurred afterwards. This paper only endeavors to paint the app privacy policy status, as it was document on 1 September 2017. In no way does this paper guarantees the state of the Marketplaces mentioned to remain static.

3.2. Apps included in the study

An inspection of the iOS App Store showed two main categories of apps that are closely related to healthcare, namely the categories on Health & Fitness and Medical. Only the top 50 popular apps from each category were included, to better reflect actual-use reality. The Health & Fitness category included the top 50 most popular apps, this category had no separate listing for free and paid apps. As for the Medical category, this included the top 50 most popular free apps as well as the top 50 most popular paid apps. In total, 150 apps from the App Store’s two categories were examined.

The Android Play Store also showed 2 main categories closely related to healthcare, similarly labeled Health & Fitness category and Medical category. The Health & Fitness showed a total of 16 apps arranged by popularity; all 16 apps were included in the study, again as with the iOS App Store, this category had no separate listing for free and paid apps. As for the Medical category, included were the top 50 most popular free apps as well as all the 37 apps listed in the paid apps. In total, 103 apps from the Play Store’s two categories were examined.

This brings the total number of smartphone healthcare apps to 253 from the Japanese App Marketplace that were included in the study. No other study of this exhaustive level has been published as of this writing.

In order to determine the state of privacy policy for each app, only the information immediately visible in the app marketplaces were considered. Privacy policy links were carefully accessed to assess any dead links or those that lead to irrelevant information. Each valid privacy policy was then analyzed to determine total word count, language(s) version availability, and the date of instituting the policy.

Moreover, the availability of contact information, such as email address of the developer, website links, and office addresses, were likewise examined to determine how easily an end-user could get in touch with the developer / company who owns and manages the app.

4. Study output
4.1. Existence of Privacy Policies in the healthcare apps

For the healthcare apps available in the Android Play Store, the following are the findings:

  • In the Health & Fitness Category apps, 93.75% (15 out of 16) were confirmed to include a link to their respective privacy policies.
  • In the Medical (Free) Category apps, 78% (39 out of 50) were confirmed to have a link to their respective privacy policies.
  • In the Android Medical (Paid) Category apps, 32.43% (12 out of 37) were confirmed to have a link to their respective privacy policies.
  • Of the total Android apps studied, 64% (66 out of 103) were confirmed to include a link to their respective privacy policies.

For the healthcare apps available in the iOS App Store, the following are the findings:

  • In the iOS Health & Fitness Category apps, 60% (30 out of 50) were confirmed to have a link to their respective privacy policies.
  • In the iOS Medical (Free) Category apps, 46% (23 out of 50) were confirmed to have a link to their respective privacy policies.
  • In the iOS Medical (Paid) Category apps, 18% (9 out of 50) were confirmed to have a link to their respective privacy policies.
  • Of the total iOS apps studied, 41.33% (62 out of 150) were confirmed to include a link to their respective privacy policies.

Though it was found that Android healthcare apps performed better than its iOS counterpart in actually having their privacy policies available for scrutiny during the purchase stage, having a positive instance of 64% compared to 41% for iOS healthcare apps, these rates are both still very low, considering the sensitivity of the data that they collect, process, and store. Furthermore, taken collectively for both the Android and iOS app, only half of the apps (50.59%) would have a privacy policy available.

In both app marketplaces, the highest rates of having privacy policies can be found in the category of Health & Fitness, 94% for Android, and 60% for iOS. Further investigation is needed as to why this is the case, especially when compared to the rates computed for the other category. Is this evidence that Health & Fitness apps are more active in collecting personal information compared to the apps under the Medical category?

A somewhat surprising figure is the great discrepancy of the presence of a privacy policy between paid and free apps in the Medical category. One would easily venture to assume that a company offering a paid app, would be more vigilant in ensuring that their respective privacy policies are in place. However, while 78% of Android free Medical apps and 46% of the iOS free Medical apps have privacy policies, a mere 32% of Android paid Medical apps and 18% of iOS paid Medical apps have privacy policies in place. This is a percentage difference of 32% for Android and a similar 28% difference in the iOS between the free and paid apps. A cursory glace at the companies involved in the apps marketplace shows that bigger companies tend to favor creating free instead of paid apps.[xviii]

4.2. Privacy Policy language

For the healthcare apps available in the Android Play Store with privacy policies, these privacy policies are available in the following languages:

  • In the Android Health & Fitness apps, 31.25% (5 out of 16) have their privacy policies in Japanese, 62.5% (10 out of 16) in English, and 6.25% (1 app) have it available in English, Japanese, Korean, and Spanish.
  • In the Android Medical (Free) apps, 87.17% (34 out of 39) have their privacy policies in Japanese, 10/25% (4 out of 39) have it in English, and 2.56% (1 app) have it in Korean.
  • In the Android Medical (Paid) apps, 50% (6 out of 12) have their privacy policies in Japanese, 41.66% (5 out of 12) have it in English, and 8.33% (1 app) have it in German.
  • In total, 68.65% (46 out of 67) of the available privacy policies can be viewed in Japanese.
  • Of the entire healthcare apps in the Android Play Store reviewed for the study, only 44.66% (46 out of 103) of the apps have a privacy policy that is also available in the local language.

For the healthcare apps available in the iOS App Store with privacy policies, these privacy policies are available in the following languages:

  • In the iOS Health & Fitness apps, 66.66% (20 out of 30) have their privacy policies in Japanese, 36.66% (11 out of 30) have it in English, and 3.33% (1 app) have it available in multiple languages that include Japanese.
  • In the iOS Medical (Free) apps, 82.60% (19 out of 23) have their privacy policies in Japanese, 13.04% (3 out of 23) have it in English, 4.34% (1 app) have it in both Japanese and English, and 4.34% (1 app) have it in Korean.
  • In the iOS Medical (Paid) apps, 11.11% (1 app) have their policy in Japanese, 55.55% (5 out of 9) have it in English, and 33.33% (3 out of 9) have it in German.
  • In total, 67.74% (42 out of 62) of the available privacy policies can be viewed in Japanese.
  • Of the entire healthcare apps in the iOS App Store reviewed for the study, only 28% (42 out of 150) of the apps have a privacy policy that is also available in the local language.

In the era of geo-tagging and curated national stores for both the app Marketplaces, it is shocking to see that while similar rates of 68% and 67% have the local language available for Android and iOS healthcare apps (for those that do have privacy policies) respectively, only 34% (88 out of 153) of the total apps studied (from both the Japanese Android Play Store and the Japanese iOS App Store) have privacy policy in the Japanese language.

4.3. Number of words per Privacy policy

One of the biggest hurdle facing privacy advocates is the difficulty in making privacy policies intelligible. Beyond the necessity of having the privacy policy visible and easily accessible, the language of the privacy policy must also be easily understood. A paper published in 2008 on the Cost of Reading Privacy Policies[xix] studied 75 of the most popular websites in the United States (in 2005), and found that on average, a privacy policy took 10 minutes to actually read.

The quoted time needed in the above-mentioned study only accounted for the reading time, which should be differentiated from actually understanding the text of the privacy policies. The difficulty in understanding the wordings of a privacy policy, which is full of legal jargon and references to lengthy documents has even created the online Usable Privacy Project, a project on privacy policies of major websites that seeks to “distill them into something you can actually read and understand”[xx].

In determining the length of time needed to read the privacy policies of the healthcare apps in the study, the numbers of words used per policy were collated, separating the Japanese language policies from the English (as well as German and Korean) language policies. Once the total word count is known, the Japanese reading speed was computed at 400 characters per minute[xxi], and the English reading at 250 words per minute[xxii].

Reading comprehension at the speed mentioned above would normally result in a 60% level of comprehension for non-technical text.[xxiii] Therefore, to fully understand completely the wordings of each privacy policy, a slower and more meticulous reading would be necessary (if not numerous readings) that would further inflate the number minutes in the findings below.

The findings for the privacy policies of the apps from the Android Play Stores are as follows:

  • The 15 privacy policies found in the apps from the category of Health & Fitness had a total of 190.74 minutes, which translated into an 11.92 minutes of reading per privacy policy.
  • Those in the category of free-apps in the Medical category had a total of 506.94 minutes for the 39 apps, meaning a 13-minute average per app reading.
  • For the category of paid-apps in the Medical category, a total of 46.10 minutes for all 12 apps with privacy policy, giving an average of 3.84 minutes of reading per privacy policy.
  • In total, the 66 apps with privacy policies have a total reading time of 743.78, or 11.27 minutes of reading time per privacy policy.

The findings for the privacy policies of the apps from the iOS App Stores are as follows:

  • The 30 privacy policies found among the category of Health & Fitness had a total of 254.84 minutes, which translated into an 8.50 minutes of reading per privacy policy.
  • Those in the category of free-apps in the Medical category had a total of 176.57 minutes for the 23 apps, meaning a 7.68 minutes average per app reading.
  • For the category of paid-apps in the Medical category, a total of 36.52 minutes for all 9 apps with privacy policy, giving an average of 4.06 minutes of reading per privacy policy.
  • In total, the 62 apps with privacy policies have a total reading time of 467.93, or 7.55 minutes of reading time per privacy policy.

The resulting average privacy policy reading time for all the 128 healthcare apps from both Marketplaces was determined to be 9.47 minutes (1211.71 total reading minutes for 128 apps), not that different from the website privacy policies in the above-mentioned paper. The amount of time needed to completely read through the privacy policies do take time, which can further discourage a normal smart user to actually read them, or to remotely understand the meaning of the policies.

Another interesting finding once again is with regard to how the paid-apps in the Medical category behaved. For both the Android and iOS apps, the length of the privacy policy for the group is unusually short, averaging only 3.84 minutes for the Android apps and 4.06 minutes for the iOS apps. This data, taken together with the previous finding that only a small percentage of paid-Medical apps have privacy policies somehow shows the level of commitment of their programmers. Very few bother with having a privacy policy at all, and when they do, the length of the privacy policies is unusually short. While it is commendable to aim for shorter privacy policies, the results of the paid-Medical apps findings unfortunately points not to a more advance and better privacy policy text, but rather the opposite, which is of inferior in quality at best.

4.4. Dates reflected in the privacy policy

Domestic privacy laws are always changing and improving, taking into each revision, the experience of the country as well as other privacy related developments of other legal jurisdictions. Japan for its part had just recently undergone a revision. Japan’s Act on the Protection of Personal Information (APPI)[xxiv] was amended taking full effect last 30 May 2017. It has undergone changes through the years from its original form in 2003. Having the dates in the face of the privacy policy enables the reader to have a sense of how recent the policy is. A privacy policy written some years ago would probably not have the same privacy guarantees as a newer version from the same company. Furthermore, technology is continuously evolving and has also greatly changed the way information is analyzed, what seemed innocuous just a few years ago, might be considered as a sensitive personal information today. Especially in the health care sector, where extra care is needed to ensure a patient’s information is protected in accordance to the law.

In Japan for example, the new APPI has elevated medical history, in addition to race, beliefs, and social status, in its new designation of falling under the “sensitive personal information”.[xxv]

Looking at the visibility of the dates for the privacy policies is very disheartening.

  • Only 33% of the privacy policies found in the study carried dates.

This low rate further adds to the complication when app manufacturers arbitrarily change their privacy policies without giving proper notification and documentation to the end-users.

4.5. Visibility of the contact information

The visibility of the contact information is also very important in ensuring that companies do not infringe on the privacy rights of their users. If an app doesn’t have a privacy policy written in the marketplace, or if the privacy policy was not dated, or if text of the privacy policy is ambiguous, recourse for an insistent user would be to contact the manufacturer of the app in order to seek official clarification. The privacy policy of the company could very well be in one of the numerous pages of its website, or they could probably send you the privacy policy in an email or through post. Though the marketplace is a close business environment, the final responsibility of any privacy right violations lies in the app manufacturers themselves. Therefor the study also needed to gauge how many of the app manufacturers actually have their contact information visible before an end-user downloads their app.

  • Only 83 out of the total 253 have their contact information visible. Which leaves 67% to be very difficult to contact for clarifications or to resolve issues of privacy.

5. Discussion

After the exhaustive review of the relevant healthcare apps, taking into consideration the factors or 1. Presence of a visible/accessible privacy policy, 2. Available language of the existing privacy policies, 3. Length and reading time of the privacy policies, 4. Date markers on the privacy policies, and 5. Availability of contact information, the state of the current privacy safeguards of the app Marketplace can be clearly shown for analysis and proper recommendations can be formulated to better safeguard personal data when using smartphone healthcare apps.

5.1. Purpose of a privacy policy

A privacy policy by definition is a statement from a company on how they handle personal data. Google defines it as: “A Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it.”[xxvi] It is meant for both the employees of the company that collects personal data, as well as for the general public to know if their data are being collected, what data are being collected, for what purpose/reason it is being collected, how these data will be used, and the guarantees made by the company with regard to the personal data of its users.

5.1.1. Android Play Store App Submission Privacy Policy Requirements

According to the Play Store Policies, companies with apps on the Play Store should handle user data with care. Under the developers’ best-practice tips website:

User data can include information provided by a user, collected about a user, or collected about a user’s interactions with the app or device. If your app is collecting personal or sensitive user data, handle it securely and include a privacy policy in your Store Listing and in your app.[xxvii]

The guide for privacy policies in the developers’ website of Google also encourages the visible set-up of the app’s attributable privacy policy:

Privacy disclosures — made via a privacy policy and in-Action conversations — help users understand what data you collect, why you collect it, and what you do with it. The disclosures should be comprehensive, accurate, and easy to understand by users. Users will have an opportunity to review the policy when they browse actions in the Directory, and we encourage developers to make it available on their website and other convenient places.[xxviii]

Furthermore, Google offers free web space hosting for the privacy policy text in their Google Sites service for the apps submitted in the Android Play Store.

5.1.2. iOS App Store Submission Privacy Policy Requirements

The iOS App Store through the Apple’s Program License Agreement (PLA) clearly specifies that all iOS apps must comply with all applicable privacy laws:

You and the Application must comply with all applicable privacy and data collection laws and regulations with respect to any collection, transmission, maintenance, processing, use, etc. of the user’s location data or personal information by the Application.[xxix]

Moreover, the iOS Developer Program License also states that iOS apps must make available on the App Store page a clear description on how personal data is handled:

You must provide clear and complete information to users regarding Your collection, use and disclosure of user or device data, e.g., a link to Your privacy policy on the App Store. Furthermore, You must take appropriate steps to protect such data from unauthorized use, disclosure or access by third parties. If a user ceases to consent or affirmatively revokes consent for Your collection, use or disclosure of his or her user or device data, You (and any third party with whom you have contracted to serve advertising) must promptly cease all such use.[xxx]

However, when submitting the app for the App Store, In Apple’s Appendix B[xxxi] (named “iTunes Connect App Properties”), the Privacy Policy URL field is optional, leaving the decision to the app manufacturer to self-determine if their app actually needs a privacy policy. A privacy policy link is only expressly required in the field, under the following conditions:

Privacy policy URLs are required for all apps that offer auto-renewable or free subscriptions and for apps that are set to Made for Kids. Customers see this URL on their invoice and on the subscription confirmation email they receive. The URL can specify a localized site.

Include the entire URL, including the protocol.

Note that if your app is set to Made for Kids, you need to specify a Privacy policy URL for each localization provided for the app.[xxxii]

Apple does not offer any free web space hosting for the privacy policy text of the apps submitted or accepted in the iOS App Store.

5.2. Data Privacy responsibility of the Marketplace as Gatekeepers

Having a closed and curated app Marketplace is advantageous for the smartphone operating system companies (Alphabet Corporation and Apple Corporation), app making companies, and the app consumers. For the Operating System Companies, it guarantees then an additional revenue stream from their cut on all sales from their respective Marketplaces. For the App Makers, the Marketplace enables them to reach a wide market that they normally wouldn’t be able to target on their own, and their apps’ inclusion in the Marketplace gives them a certain level of respectability by association with either Alphabet Corporation or Apple Corporation. Finally for the app consumers, it is the convenience of being able to easily browse, purchase, and install an app straight from the smartphone using minimal effort with some perceived assurance that all of these apps underwent a strict submission process to guarantee sooth operations and respect to their personal rights from the App Marketplace.

5.3. Necessity of a privacy policy for healthcare apps

While both app Marketplaces clearly place a high importance on the privacy rights of its users, the implications of this study shows that there is a big room for improvement when it comes to ensuring that app makers adhere to their guidelines on privacy policies. Healthcare apps are by its very nature, dealing with personal information, sensitive data that when not handled prudently could infringe on users privacy. A privacy policy will probably be the only document available to the app consumer to inform on how personal data is handled by the healthcare apps, the absence of which causes confusion and insecurity, as well as increase in the possibility of abuse. It is the duty of the app makers to make clear on how they handle the personal data of their users, and for the Marketplace to proactively validate the existence of these privacy policies.

6. Conclusion

Clearly, the lack of privacy policies for the Medical and Health & Fitness apps of both the Android and iOS ecosystems are troubling. Even just the most basic safeguard of being able to read a privacy policy before purchasing an app (free or otherwise) is very low at 64% for the Android Play Store and 41% for the iOS App Store. Adding the to the barrier of understanding lies the average length of each policy, calculated at 9.46 minutes per policy, a very time-consuming endeavor with no guarantee that the privacy policy text can be easily understood. Furthermore, eve if the end-user is able to find an app that satisfies his/her privacy policy requirements, the chances that the policy statement is not dated is around 67%. The options then becomes even more limited and with only 33% of the studied apps have their manufacturer’s contact information, any form of feedback or clarification becomes very difficult.

With the growing reliance for wearable health technology, and smartphone enabled healthcare apps, a clearer mandate on how privacy policies are implemented is needed. Should the urgency and responsibility be placed in the marketplace system, seeing that they are the direct sellers of the apps? Should it be forced upon the apps manufacturers, who hold the final responsibility for privacy right violations? Or is the national government where the end-user is purchasing the healthcare app, as part of its responsibility to protect its citizens and residents? Questions such as these needs to be addressed.

The smart phone app marketplace is a good place to start being serious with privacy concerns, and stricter privacy policies guidelines are an obvious way to start. Having international app sellers engaged in personal data, who are mostly concerned about their own country’s privacy laws will soon be unacceptable. What might be allowed in one country might be different in another; a single language will no longer be enough in dealing with this increasingly international business environment. As it stands, there is a glaring lack of any privacy policy in healthcare apps in both Android and iOS app marketplaces.


[i] Statistics data from last accessed September 30, 2017.

[ii] Application programs, further limited to smartphone application programs for the purposes of this study.

[iii] Smartwatches enable the apps installed to monitor the fitness of the wearer through activity counters, sleep patterns, heart-rate measurement, location functions, among others.

[iv] Data for the number of active smartphones in Japan from last accessed September 30 2017.

[v] Data for the iOS App Store revenue for 2017. last accessed January 10, 2018.

[vi] Data for 2017 total app revenue. last accessed January 20, 2018.

[vii] “The Right to Privacy”, Warren and Brandeis, Harvard Law Review Vol. IV December 15, 1890 No. 5

[viii] ibid. Warren and Brandeis quoting Judge Cooley’s decision from Cooley on Torts, 2d ed., p. 29. [p. 195 Note 4 in original.]

[ix] ibid

[x] Tokyo Dist. Ct., 1962 (wa) 1882 (Sept. 28, 1964), 15 KAMINSHŪ 9, 2317.

[xi] S. Ct., 1965 (A) No. 1187, 23 KEISHŪ 12, 1625 (Dec. 24, 1969),

[xii] A maximum limit was set to include up to the top 50 most popular apps.

[xiii] For example: 1. If personal information is being collected. 2. How information is collected? 3. How the information will be used? 4. How long will the information be kept? 5. What is the level of control a data subject has over his/her own personal data? 6. Other relevant information such as legal guarantees as well as anonymization of personal data, etc.

[xiv] The app Marketplace information was accessed on September 1, 2017. It is highly likely that the listing of the apps would have changed since the study was conducted to when this paper is published.

[xv] Microsoft Windows Mobile and Blackberry BBM has been steadily losing their market share in the mobile Operating System. Microsoft has since abandoned their Windows Mobile and Blackberry has shifted its efforts to the Android ecosystem.

[xvi] From last accessed September 30, 2017.

[xvii] The .4% figure is considered by the researcher to be an acceptable rate of exclusion and is not seen as being able to drastically change the findings of the study.

[xviii] Example: Nike Inc., Under Armour Inc., Runtastic, Recruit Holdings Inc, Benesse Corp., Sony Corp., among others.

[xix] Aleecia M. McDonald and Lorrie Faith Cranor . I/S A Journal of Law and Policy for the Information Society, Vol. 4:3 pp 543-568.

[xx] Lifehacker website “Usable Privacy Shows you what Privacy Policies Actually Mean, in Plain English” by Alan Henry 3/20/2016.

[xxi] The reading speed of a normal adult Japanese is 400-600 characters per minute. In the study’s computation, the lower end of the range was used due to the complexity of how privacy policies are written. The reading speed of an adult Japanese was sourced from last accessed September 30 2017

[xxii] Using the same computations of 250 words per minutes from the Article “The cost of reading Privacy Policies” by Aleecia M. McDonald and Lorrie Faith Cranor . I/S A Journal of Law and Policy for the Information Society, Vol. 4:3 pp 543-568,.

[xxiii] According to last accessed September 30, 2017.

[xxiv] Act on the Protection of Personal Information last accessed September 30, 2017.

[xxv] add something here

[xxvi] From Google privacy policies website. last accessed September 30, 2017.

[xxvii] From Android developer best practice website. last accessed September 30, 2017.

[xxviii] From Google Android developer guidelines website. last accessed September 30, 2017.

[xxix] From App Developer Terms and Conditions website of Apple Corporation. last accessed September 30, 2017

[xxx] From Apple Corporation iOS Program Information website. last accessed September 30, 2017.
[xxxi] From Apple Corporation developer App Store Guidelines. last accessed September 30 2017.

[xxxii] ibid