A Start-Up Sees an Opportunity in Diabetes Prevention

There is no doubt that diabetes is a national health crisis â€" and a costly one.

In the United States, diabetes is diagnosed in a person every 17 seconds, according to the medical journal Clinical Diabetes.

Today, one in five health care dollars is spent caring for people with diabetes. A third of Medicare spending goes to treat diabetes and its complications.

That spending is focused on the nearly 26 million Americans who have diabetes. Yet the potentially larger, looming problem is the estimated 79 million who have “prediabetes,” meaning they have elevated glucose levels in their blood and run a high risk of developing the disease.

Anything that can slow the alarming advance of the disease would be a medical triumph, and a potential moneymaker. Omada Health, a San Francisco start-up, certainly hopes so. On Tuesday it is introducing a diabetes prevention program, Prevent, for marketing to the general public.

Omada joins a flurry of young companies that focus on health and wellness programs including Keas, RedBrick Health and Virgin HealthMiles. But these businesses typically sell their offerings to corporations that want to encourage their employees to be healthier and to curb medical bills.

Omada sets itself apart from these other companies, first, by focusing specifically on diabetes, and second, by marketing its program to the general public. The program is intended as the online version of a landmark government-financed project that showed a behavioral weight-loss program could help people prevent diabetes more effectively than medication.

That project, the Diabetes Prevention Program, was a clinical trial sponsored by the Nationa l Institutes of Health. It helped participants improve their eating and exercise regimens, hit a weight-loss goal of 7 percent and reach an exercise target of 150 minutes a week of moderate physical activity, like brisk walking. The people in the 2002 study on average reduced their risk of progressing to diabetes by 58 percent. A 10-year follow-up study recently found the participants had a 34 percent reduced risk.

A major reason that study is relevant today is Obamacare. The Affordable Care Act included a National Diabetes Prevention Program, and the Centers for Disease Control and Prevention is setting up community-based programs modeled after the original N.I.H.-financed project. In a public-private partnership, the C.D.C. and UnitedHealth Group, the big insurer, have sponsored diabetes prevention programs at 178 Y.M.C.A. sites in 23 states.

Omada is positioning itself to ride both the rising national concern about diabetes and the government-backed community efforts. “We're a Web-based program that complements the ground-based programs,” said Sean Duffy, chief executive and co-founder of Omada. “The C.D.C. is catalyzing real efforts to address this problem.”

Omada is a Greek word that Mr. Duffy said most closely translates as “group” in English. “Our model is small-group-based behavior change in health.”

Omada is seeking partnerships with medical providers and insurers, but the product being introduced on Tuesday is for the general public. Its Web site includes a series of questions - about gender, height, weight, physical activity and family history - to help the user determine if he or she is at risk of becoming diabetic.

The four-month program costs $120 a month. At the outset, customers are shipped a scale with a wireless transmitter, and later a pedometer. Participants send in a profile picture, and write a personal introduction to the group. The weight and activity measurements are sent au tomatically to a personalized Web site. Each group has a coach, who makes presentations via Web video and answers questions online.

Groups of about 12 are determined by age, location and body-mass index. “Social connections and accountability lead to success in behavior modification,” Mr. Duffy said. “So you want groups that have a sense of being in a similar state in their lives, going through the experience together.”

Omada ran a 230-person pilot test earlier this year in five cities across the country. On average, the people lost 13.7 pounds, or 6.4 percent, after 16 weeks.

Mr. Duffy, 28, a neuroscience major at Columbia University, worked at Google before deciding to pursue a joint M.D.-M.B.A. program at Harvard. He was on a summer internship at IDEO, the design and innovation consulting firm, working on health care products, when he decided to start the diabetes-prevention venture. (He took a leave from Harvard.)

Another founder is Adrian James, the company's president, who led the medical products division of IDEO's health and wellness practice. The third co-founder is the chief technology officer, Andrew DiMichele, who was an early employee at Lattice Engines, a data analytics company for sales and marketing.

Mr. Duffy said recruiting for the one-year-old start-up had not been a major challenge. “The Valley is full of people who want to use their Web talents to make the world a better place,” he said. “We point them toward health care. It's a really easy message.”

Study Finds Weakness in Google\'s Android Security Service

5:09 p.m. | Updated Adding comment from Google.

2:23 p.m. | Updated Adding comment from Lookout.

In the latest version of the Android operating system, Google added a security tool that is supposed to prevent users from installing harmful software. But an independent study suggests that the feature fails to detect large swaths of malware.

An Android user can turn on Google's new feature, called the “application verification service,” in settings. Once it is flipped on, whenever an app is being installed, the service sends information about the app to Google for verification, and Google responds with a result.

If the service detects a “potentially dangerous app,” it warns the user that the app may harm the device if installed. And if the service detects a “dangerous app,” it simply blocks it from being installed.

Xuxian Jiang, an associate professor of computer science at North Carolina State University, put Google's security service through some tests. He installed 1,260 samples of malware on Google Nexus tablets, and Google's service caught only 193 of them - a detection rate of 15 percent. Mr. Jiang concludes that the service is still immature and has lots of room to improve.

Google says that along with its verification service, it has a security system called Bouncer. Whenever an app is submitted to Google Play, the official Android app store, Bouncer puts it through a simulation on Google's servers to search for hidden malware, spyware and trojans.

Lookout, a mobile security company based in San Francisco, said it had also tested Google's verification service and its results were consistent with Mr. Jiang's. Derek Halliday, a product manager at Lookout, said Google's security tools were relatively new, so their imperfections were not surprising. He noted that Google also recently acquired VirusTotal, a company that offers an online service for detecting malware.

“It signals Google is taking the problem seriously,” Mr. Halliday said. “When Google makes these types of improvements, it's safe to say everyone wins.”

In a statement, a Google spokeswoman said that many of the apps in Mr. Jiang's test were samples used by security researchers, and they are not downloaded by Android users. The company said its application verification service focuses on catching malware that people will actually encounter.

“The Google Play application verification service uses real-world data and multiple detection techniques to protect against Android malware,” the company said in a statement. “We go after threats users are most likely to face, rather than just focusing on an AV test set which m ay not be representative of actual conditions.”

Google did not immediately respond to a request for comment. ZDNet first reported the study.

New Concerns Over Apps for Children

The developer behind Mobbles, a popular free game app for children, temporarily pulled the product from the Apple App store and Google Play store on Tuesday after learning that it was the subject of a complaint to federal authorities by children's advocates.

The app, introduced this year, is an animated, location-based game in which children collect, take care of and trade colorful virtual pets called Mobbles.

On Tuesday, the Center for Digital Democracy, a nonprofit group in Washington, filed a complaint with the Federal Trade Commission, claiming that Mobbles' data collection practices violated the federal Children's Online Privacy Protection Act.

That law requires an operator of a Web site or online service directed at children under 13 to provide notice of its information collection practices. The operator must also obtain verifiable permission from a parent before collecting or sharing personal information like a child's name, e-mail address or physical address.

According to the complaint, the Mobbles app collected personal information from children “without providing any notice to parents and without even attempting to obtain prior, verifiable parental consent.”

In a phone interview on Tuesday, Alexandre Curtelin, co-founder of Mobbles, said that the app did collect users' e-mail addresses and did use their locations for certain game features, but that the app was not directed at those under 13.

“We don't ask for the age of the user,” he said. “So we cannot target users under 13.”

Here's how the app works: The “Catch a Mobble” feature determines a user's location and then shows the user a map of the area. If a Mobble is w ithin a 54-yard radius, a user can catch it by tapping on the creature on the screen. The game also offers rewards â€" like virtual currency it calls “crystals” to pay for in-game purchases - if players provide their e-mail addresses so they can receive a newsletter or if they e-mail their friends about their activities on the game, the complaint said.

The complaint said the game did not notify parents that it collected children's locations and e-mail addresses,  nor did it obtain parental permission for collecting such information. According to the complaint, the Mobbles app did not link to a privacy policy explaining the app's data collection practices, and the Mobbles.com Web site did not post a privacy policy.

In the complaint, the children's advocates also suggested that the game's design raised safety concerns.

“Because children can only catch Mobbles within the green radius, the game encourages the child to wander around the neighborhood to fi nd Mobbles within range,” the complaint said. Because some Mobbles appear only in the evening, the complaint said, “the game encourages children to wander around at night to get close enough to catch an out-of-range Mobble.”

Mr. Curtelin said that the game did employ users' locations so that it could show them whether a virtual creature was in range but that the company did not store that data.

“At no point do we persistently store the data because we don't actually need it,” Mr. Curtelin said. “We didn't want to be in the position of being able to track users.”

A privacy policy on the site now explains that the game collects user names, e-mail addresses, Facebook IDs and locations from registered users. The policy also says the company does not share that data with or sell it to third parties.

By Tuesday afternoon, the Mobbles app was ag ain available on Google Play â€".with a disclaimer stating that the game was not intended for children under 13.

The description of the app on Google Play, however, suggests that Mobbles could appeal to younger children.

“Mobbles are small and fun creatures living around us!” it says. “Catch them in your smartphone and raise them !”

Now the site's privacy policy states that Mobbles is not intended for children under 13. Sites intended for older children are not required to comply with the children's online privacy law.

“Mobbles does not target children (younger than thirteen years of age) for collection of information online, and no one identified to be under the age of thirteen is permitted to create a profile or use the Services,” the site says. “By using the Games, you represent and warrant that you are” at least thirteen years old.

On Monday, the Federal Trade Commission released a study on children's apps in which regulators reported that hundreds of popular apps failed to provide parents with basic information about their data collection practices. The agency declined to name the apps included in its study.