A recent study from the BMJ found that many popular health apps share more data with advertisers than they probably should. The researchers analyzed 24 Android apps with scripts that simulate real world usage, and found that 19 of them shared potentially sensitive user data with 55 "unique entities." 14 of the apps transmitted the data over an unencrypted connection. The researchers stressed that the entities collecting the data not only have the ability to aggregate it with user information from other sources, but that they turn around and sell this information to other 3rd parties, which represents a huge potential privacy violation. Sharing of user data is routine, yet far from transparent. Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent. Privacy regulation should emphasise the accountabilities of those who control and process user data. Developers should disclose all data sharing practices and allow users to choose precisely what data are shared and with whom.