Abstract
BACKGROUND: With the widespread adoption of smartphones and growing demand for convenient access to pharmaceuticals, mobile pharmacy apps that sell medication online and offer medication consultation have proliferated rapidly. These apps require users to consent to the collection of personal information (PI) as a prerequisite for using their services, including name, blood type, contact details, medical history, and allergy information. While mobile pharmacy apps offer significant convenience to patients, they also pose risks to personal privacy and data security.

METHOD: Between March 15 and April 30, 2025, we searched the Android and iOS app stores to identify, obtain, and select the privacy policies of 174 mobile pharmacy apps that provide pharmaceutical sales and consultation services to the general public in the Chinese mainland, and conducted a comprehensive review of those policies in order to assess data privacy practices across the sector. We developed a compliance evaluation scale based on the Personal Information Protection Law and related regulations, structured as a two-level indicator scale that follows the PI life cycle. The scale comprises 5 level-1 indicators (PI collection, PI storage, PI usage and rights, PI processing, PI security and remedies) and 38 level-2 indicators.

RESULT: The privacy policy compliance rate of the 174 mobile pharmacy apps is relatively low (mean 67.30%, SD 20.74%), indicating that the vast majority of mobile pharmacy apps did not formulate their privacy policies in accordance with the applicable laws and regulations. Only 2 apps achieved full (100%) compliance, one from the Android app stores and one from the iOS app store. Seventy apps (40.23%) had a compliance rate below the mean of 67.30%: 47 of the 119 Android apps (39.50%) and 23 of the 55 iOS apps (41.82%).

CONCLUSION: Our research reveals that the majority of mobile pharmacy apps exhibit low compliance with personal information regulations, particularly with respect to PI storage, sensitive PI protection, automated decision-making, protection of deceased users' PI, and dispute resolution mechanisms. Addressing these deficiencies requires proactive intervention and action from regulatory authorities, the public, and the mobile pharmacy apps themselves.

SUPPLEMENTARY INFORMATION: The online version contains supplementary material available at 10.1186/s13690-026-01839-w.