{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T05:54:01Z","timestamp":1769925241733,"version":"3.49.0"},"reference-count":55,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T00:00:00Z","timestamp":1769040000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T00:00:00Z","timestamp":1769040000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100004329","name":"The Slovenian Research and Innovation Agency","doi-asserted-by":"crossref","award":["P2-0057"],"award-info":[{"award-number":["P2-0057"]}],"id":[{"id":"10.13039\/501100004329","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2026,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Privacy policies are intended to inform users about how their data is collected and processed, but they are often shaped by legal motivations that can reduce their clarity. This study analyzes English-language privacy policies from medical and health-related apps in 10 Western-influenced countries to assess their readability and vagueness. From an initial dataset of 3,992 policies, 713 were selected for analysis. Readability and vague language were quantified using standard indices. The findings reveal significant regional differences in both readability and vagueness. Notably, shorter policies tended to be less readable but also less vague than longer ones. This study represents a pioneering effort, as it is the first of its kind to specifically address the issue of vagueness in mHealth applications\u2019 privacy policies. The results of this study imply that the privacy policies are way too long and complex to read and too vague to uncover the actual data handling and processing practices.<\/jats:p>","DOI":"10.1007\/s10207-025-01203-z","type":"journal-article","created":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T14:15:45Z","timestamp":1769091345000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Readability and vagueness of privacy policies in mHealth applications: a multi-country analysis"],"prefix":"10.1007","volume":"25","author":[{"given":"Viktor","family":"Taneski","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paul","family":"Schwarz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Leon","family":"Bo\u0161njak","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Marina","family":"Tropmann-Frick","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo\u0161tjan","family":"Brumen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,1,22]]},"reference":[{"key":"1203_CR1","unstructured":"EUR-LEX - 02016R0679-20160504 - EN - EUR-LEX. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX%3A02016R0679-20160504 Accessed 2024-11-13"},{"key":"1203_CR2","unstructured":"AB-375 Privacy: Personal Information: Businesses. https:\/\/leginfo.legislature.ca.gov\/faces\/billTextClient.xhtml?bill_id=201720180AB375 Accessed 2024-11-13"},{"key":"1203_CR3","unstructured":"Regulation - 2016\/679 - EN - Gdpr - EUR-Lex. https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj Accessed 2024-11-13"},{"key":"1203_CR4","unstructured":"Caltrider, J., Rykov, M., MacDonald, Z.: It\u2019s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy. https:\/\/foundation.mozilla.org\/en\/privacynotincluded\/articles\/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy\/ Accessed 2024-11-13"},{"key":"1203_CR5","unstructured":"given=Jay, f.: Tesla camera scandal is the latest lesson in dangers of letting companies record you \u2013 aclu (2023)"},{"issue":"12","key":"1203_CR6","doi-asserted-by":"publisher","first-page":"283","DOI":"10.2196\/jmir.2471","volume":"15","author":"B Brumen","year":"2013","unstructured":"Brumen, B., Heri\u010dko, M., Sev\u010dnikar, A., Zavr\u0161nik, J., H\u00f6lbl, M.: Outsourcing medical data analyses: can technology overcome legal, privacy, and confidentiality issues? J. Med. Internet Res. 15(12), 283 (2013). https:\/\/doi.org\/10.2196\/jmir.2471","journal-title":"J. Med. Internet Res."},{"issue":"5","key":"1203_CR7","doi-asserted-by":"publisher","first-page":"33735","DOI":"10.2196\/33735","volume":"10","author":"N Alfawzan","year":"2022","unstructured":"Alfawzan, N., Christen, M., Spitale, G., Biller-Andorno, N.: Privacy, data sharing, and data security policies of women\u2019s mhealth apps: scoping review and content analysis. JMIR Mhealth Uhealth 10(5), 33735 (2022). https:\/\/doi.org\/10.2196\/33735","journal-title":"JMIR Mhealth Uhealth"},{"key":"1203_CR8","doi-asserted-by":"publisher","first-page":"37329","DOI":"10.2196\/37329","volume":"7","author":"M Sweeney","year":"2023","unstructured":"Sweeney, M., Barton, W., Nebeker, C.: Evaluating mobile apps targeting older adults: descriptive study. JMIR Form Res 7, 37329 (2023). https:\/\/doi.org\/10.2196\/37329","journal-title":"JMIR Form Res"},{"issue":"1","key":"1203_CR9","doi-asserted-by":"publisher","first-page":"32104","DOI":"10.2196\/32104","volume":"10","author":"A Sengupta","year":"2022","unstructured":"Sengupta, A., Subramanian, H.: User control of personal mhealth data using a mobile blockchain app: design science perspective. JMIR Mhealth Uhealth 10(1), 32104 (2022). https:\/\/doi.org\/10.2196\/32104","journal-title":"JMIR Mhealth Uhealth"},{"key":"1203_CR10","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1007\/978-3-319-60585-2_27","volume-title":"Advances in Human Factors in Cybersecurity","author":"A Moallem","year":"2018","unstructured":"Moallem, A.: Do you really trust \u201cprivacy policy\u2019\u2019 or \u201cterms of use\u2019\u2019 agreements without reading them? In: Nicholson, D. (ed.) Advances in Human Factors in Cybersecurity, pp. 290\u2013295. Springer, Cham (2018)"},{"key":"1203_CR11","doi-asserted-by":"publisher","unstructured":"McClure, G.M.: Readability formulas: Useful or useless? IEEE Transactions on Professional Communication PC-30(1), 12\u201315 (1987) https:\/\/doi.org\/10.1109\/TPC.1987.6449109","DOI":"10.1109\/TPC.1987.6449109"},{"key":"1203_CR12","doi-asserted-by":"publisher","DOI":"10.1016\/j.jml.2019.104047","volume":"109","author":"M Brysbaert","year":"2019","unstructured":"Brysbaert, M.: How many words do we read per minute? a review and meta-analysis of reading rate. J. Mem. Lang. 109, 104047 (2019). https:\/\/doi.org\/10.1016\/j.jml.2019.104047","journal-title":"J. Mem. Lang."},{"issue":"2\u20133","key":"1203_CR13","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1017\/S0140525X10000725","volume":"33","author":"J Henrich","year":"2010","unstructured":"Henrich, J., Heine, S.J., Norenzayan, A.: Beyond weird: towards a broad-based behavioral science. Behav. Brain Sci. 33(2\u20133), 111\u2013135 (2010). https:\/\/doi.org\/10.1017\/S0140525X10000725","journal-title":"Behav. Brain Sci."},{"key":"1203_CR14","doi-asserted-by":"publisher","unstructured":"Bhatia, J., Breaux, T.D., Reidenberg, J.R., Norton, T.B.: A theory of vagueness and privacy risk perception. In: 2016 IEEE 24th International Requirements Engineering Conference (RE), pp. 26\u201335 (2016). https:\/\/doi.org\/10.1109\/RE.2016.20","DOI":"10.1109\/RE.2016.20"},{"key":"1203_CR15","unstructured":"DuBay, W.H.: The principles of readability. Online Submission (2004)"},{"key":"1203_CR16","unstructured":"Klare, G.R., et al.: Measurement of readability (1963)"},{"key":"1203_CR17","unstructured":"Laughlin, G.H.M.: Smog grading-a new readability formula. Journal of Reading 12(8), 639\u2013646 (1969). Accessed 2022-11-21"},{"key":"1203_CR18","unstructured":"Dale, E., Chall, J.S.: A formula for predicting readability. Educational Research Bulletin 27(1), 11\u201328 (1948). Accessed 2022-11-21"},{"key":"1203_CR19","unstructured":"McCall, W.A., Schroeder, L.C.: McCall-Crabbs Standard Test Lessons in Reading, Book AF. Teacher\u2019s Manual. Teachers College Press, ??? (1979)"},{"key":"1203_CR20","doi-asserted-by":"publisher","unstructured":"Fabian, B., Ermakova, T., Lentz, T.: Large-scale readability analysis of privacy policies. In: Proceedings of the International Conference on Web Intelligence. WI \u201917, pp. 18\u201325. Association for Computing Machinery, New York, NY, USA (2017). https:\/\/doi.org\/10.1145\/3106426.3106427","DOI":"10.1145\/3106426.3106427"},{"key":"1203_CR21","unstructured":"Ermakova, T., Fabian, B., Babina, E.: Readability of privacy policies of healthcare websites (2015)"},{"issue":"3","key":"1203_CR22","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1037\/h0057532","volume":"32","author":"R Flesch","year":"1948","unstructured":"Flesch, R.: A new readability yardstick. J. Appl. Psychol. 32(3), 221 (1948)","journal-title":"J. Appl. Psychol."},{"key":"1203_CR23","doi-asserted-by":"crossref","unstructured":"Kincaid, J.P., Fishburne, R.P., Jr., Rogers, R.L., Chissom, B.S.: Derivation of new readability formulas (automated readability index, fog count and flesch reading ease formula) for navy enlisted personnel. Technical report, Naval Technical Training Command Millington TN Research Branch (1975)","DOI":"10.21236\/ADA006655"},{"key":"1203_CR24","unstructured":"Smith, E.A., Senter, R.: Automated Readability Index vol. 66. Aerospace Medical Research Laboratories, ??? (1967)"},{"issue":"2","key":"1203_CR25","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1037\/h0076540","volume":"60","author":"M Coleman","year":"1975","unstructured":"Coleman, M., Liau, T.L.: A computer readability formula designed for machine scoring. J. Appl. Psychol. 60(2), 283 (1975)","journal-title":"J. Appl. Psychol."},{"key":"1203_CR26","unstructured":"Gunning, R., et al.: Technique of clear writing (1952)"},{"key":"1203_CR27","unstructured":"H\u00fcbner, U., Sax, U., Prokosch, H.-U.: German Medical Data Sciences: a Learning Healthcare System: Proceedings of the 63rd Annual Meeting of the German Association of Medical Informatics, Biometry and Epidemiology (gmds eV) 2018 in Osnabr\u00fcck, Germany\u2013GMDS 2018 vol. 253. IOS Press, Amsterdam (2018)"},{"key":"1203_CR28","unstructured":"Chall, J.S., Dale, E.: Readability Revisited: The New Dale-Chall Readability Formula. Brookline Books, ??? (1995)"},{"key":"1203_CR29","doi-asserted-by":"publisher","unstructured":"Costante, E., Sun, Y., Petkovi\u0107, M., Hartog, J.: A machine learning solution to assess privacy policy completeness: (short paper). In: Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society. WPES \u201912, pp. 91\u201396. Association for Computing Machinery, New York, NY, USA (2012). https:\/\/doi.org\/10.1145\/2381966.2381979","DOI":"10.1145\/2381966.2381979"},{"key":"1203_CR30","first-page":"543","volume":"4","author":"AM McDonald","year":"2008","unstructured":"McDonald, A.M., Cranor, L.F.: The cost of reading privacy policies. Isjlp 4, 543 (2008)","journal-title":"Isjlp"},{"issue":"9","key":"1203_CR31","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1145\/1284621.1284627","volume":"50","author":"I Pollach","year":"2007","unstructured":"Pollach, I.: What\u2019s wrong with online privacy policies? Commun. ACM 50(9), 103\u2013108 (2007). https:\/\/doi.org\/10.1145\/1284621.1284627","journal-title":"Commun. ACM"},{"issue":"2","key":"1203_CR32","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1109\/TEM.2005.844927","volume":"52","author":"JB Earp","year":"2005","unstructured":"Earp, J.B., Anton, A.I., Aiman-Smith, L., Stufflebeam, W.H.: Examining internet privacy policies within the context of user privacy values. IEEE Trans. Eng. Manage. 52(2), 227\u2013237 (2005). https:\/\/doi.org\/10.1109\/TEM.2005.844927","journal-title":"IEEE Trans. Eng. Manage."},{"key":"1203_CR33","doi-asserted-by":"publisher","unstructured":"Wilson, S., Schaub, F., Dara, A.A., Liu, F., Cherivirala, S., Giovanni\u00a0Leon, P., Schaarup\u00a0Andersen, M., Zimmeck, S., Sathyendra, K.M., Russell, N.C., Norton, T.B., Hovy, E., Reidenberg, J., Sadeh, N.: The creation and analysis of a website privacy policy corpus. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pp. 1330\u20131340. Association for Computational Linguistics, Berlin, Germany (2016). https:\/\/doi.org\/10.18653\/v1\/P16-1126 . https:\/\/aclanthology.org\/P16-1126","DOI":"10.18653\/v1\/P16-1126"},{"key":"1203_CR34","unstructured":"Harkous, H., Fawaz, K., Lebret, R., Schaub, F., Shin, K.G., Aberer, K.: Polisis: Automated analysis and presentation of privacy policies using deep learning. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 531\u2013548. USENIX Association, Baltimore, MD (2018). https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/harkous"},{"key":"1203_CR35","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1016\/j.esp.2016.10.001","volume":"45","author":"S Li","year":"2017","unstructured":"Li, S.: A corpus-based study of vague language in legislative texts: strategic use of vague terms. Engl. Specif. Purp. 45, 98\u2013109 (2017). https:\/\/doi.org\/10.1016\/j.esp.2016.10.001","journal-title":"Engl. Specif. Purp."},{"key":"1203_CR36","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1016\/j.esp.2018.11.001","volume":"53","author":"S Li","year":"2019","unstructured":"Li, S.: Communicative significance of vague language: a diachronic corpus-based study of legislative texts. English for Specific Purposes 53, 104\u2013117 (2019). https:\/\/doi.org\/10.1016\/j.esp.2018.11.001","journal-title":"English for Specific Purposes"},{"key":"1203_CR37","unstructured":"Steinberger, R., Pouliquen, B., Widiger, A., Ignat, C., Erjavec, T., Tufis, D., Varga, D.: The jrc-acquis: a multilingual aligned parallel corpus with 20+ languages. CoRR abs\/cs\/0609058 (2006) arXiv:cs\/0609058"},{"key":"1203_CR38","unstructured":"Liu, F., Fella, N.L., Liao, K.: Modeling language vagueness in privacy policies using deep neural networks. CoRR abs\/1805.10393 (2018) arXiv:1805.10393"},{"key":"1203_CR39","doi-asserted-by":"crossref","unstructured":"Lebanoff, L., Liu, F.: Automatic detection of vague words and sentences in privacy policies. CoRR abs\/1808.06219 (2018) arXiv:1808.06219","DOI":"10.18653\/v1\/D18-1387"},{"issue":"1","key":"1203_CR40","doi-asserted-by":"publisher","DOI":"10.2196\/mhealth.7626","volume":"6","author":"G Das","year":"2018","unstructured":"Das, G., Cheung, C., Nebeker, C., Bietz, M., Bloss, C.: Privacy policies for apps targeted toward youth: descriptive analysis of readability. JMIR mHealth and uHealth 6(1), e7626 (2018). https:\/\/doi.org\/10.2196\/mhealth.7626","journal-title":"JMIR mHealth and uHealth"},{"key":"1203_CR41","doi-asserted-by":"publisher","unstructured":"Farooq, E., Nawaz UI\u00a0Ghani, M.A., Naseer, Z., Iqbal, S.: Privacy policies\u2019 readability analysis of contemporary free healthcare apps. In: 2020 14th International Conference on Open Source Systems and Technologies (ICOSST), pp. 1\u20137 (2020). https:\/\/doi.org\/10.1109\/ICOSST51357.2020.9332991","DOI":"10.1109\/ICOSST51357.2020.9332991"},{"issue":"7","key":"1203_CR42","doi-asserted-by":"publisher","DOI":"10.2196\/mhealth.9871","volume":"6","author":"AC Powell","year":"2018","unstructured":"Powell, A.C., Singh, P., Torous, J.: The complexity of mental health app privacy policies: a potential barrier to privacy. JMIR mHealth and uHealth 6(7), e9871 (2018). https:\/\/doi.org\/10.2196\/mhealth.9871","journal-title":"JMIR mHealth and uHealth"},{"key":"1203_CR43","doi-asserted-by":"crossref","unstructured":"Cadogan, R.A., et al.: An imbalance of power: the readability of internet privacy policies. Journal of Business & Economics Research (JBER) 2(3) (2004)","DOI":"10.19030\/jber.v2i3.2864"},{"key":"1203_CR44","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/978-3-030-49669-2_22","volume-title":"Data and Applications Security and Privacy XXXIV","author":"B Krumay","year":"2020","unstructured":"Krumay, B., Klar, J.: Readability of privacy policies. In: Singhal, A., Vaidya, J. (eds.) Data and Applications Security and Privacy XXXIV, pp. 388\u2013399. Springer, Cham (2020)"},{"key":"1203_CR45","unstructured":"Android apps on Google play. https:\/\/play.google.com\/store\/games. Accessed: 2022-11-23"},{"key":"1203_CR46","unstructured":"Olano, F.: google-play-scraper: node.js scraper to get data from Google Play"},{"key":"1203_CR47","unstructured":"Beautifulsoup. https:\/\/pypi.org\/project\/beautifulsoup4\/. Accessed: 2022-11-23"},{"key":"1203_CR48","unstructured":"IP geolocation documentation. https:\/\/ipwhois.io\/documentation. Accessed: 2022-11-23"},{"key":"1203_CR49","unstructured":"Nltk: NLTK source"},{"key":"1203_CR50","unstructured":"Textstat: Python package to calculate readability statistics of a text object - paragraphs, sentences, articles"},{"key":"1203_CR51","unstructured":"May: repsi venture. https:\/\/repsiventure.blogspot.com\/. Accessed: 2022-11-28"},{"key":"1203_CR52","unstructured":"Heart rate monitor. https:\/\/play.google.com\/store\/apps\/details?id=com.repsi.heartrate. Accessed: 2022-11-28"},{"key":"1203_CR53","unstructured":"Saxton, C.: Welcome. https:\/\/inshotapp.com\/website\/collage\/policy.html. Accessed: 2022-11-28"},{"key":"1203_CR54","unstructured":"Body editor - photo editor. https:\/\/play.google.com\/store\/apps\/details?id=breastenlarger.bodyeditor.photoeditor. Accessed: 2022-11-28"},{"key":"1203_CR55","unstructured":"2011 Florida Statutes. Accessed on April 24, 2025. https:\/\/www.flsenate.gov\/Laws\/Statutes\/2011\/627.4145"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01203-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01203-z","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01203-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T16:07:40Z","timestamp":1769875660000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01203-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,22]]},"references-count":55,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2]]}},"alternative-id":["1203"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01203-z","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,22]]},"assertion":[{"value":"15 January 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 December 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflicts of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of Interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics and Consent to Participate declarations"}}],"article-number":"35"}}