How private is your period-tracking app? Not very, study reveals

Research on more than 20 apps found that the majority collected large amounts of personal data and shared it with third parties

After the fall of federal abortion protections in the US, pressure has mounted on apps that collect pregnancy-related data to preserve people’s privacy. A new study has found many of them do not hold up to scrutiny.

Experts at internet research non-profit Mozilla studied more than 20 pregnancy and period tracking apps for privacy and security features and said the results were grim.

“Most of these products collect vast amounts of personal data, and then share it widely,” said Ashley Boyd, the vice-president of advocacy at Mozilla.

Of the 10 pregnancy apps, 10 period trackers and five wearables reviewed in the study, only seven were deemed to have safe user data and privacy practices. Most collected large amounts of personal data and shared it with third parties such as data brokers and advertisers. The study also examined security practices and found eight apps failed to meet minimum security​ ​standards and allowed weak passwords. Many apps also offered unclear policies surrounding police warrants for user data or made no stance on such requests.

Mozilla has published the report, called Privacy Not Included, for nearly a decade, but its results have taken on new urgency after the supreme court overturned Roe v Wade this summer, effectively ending the right to abortion nationwide. The decision immediately raised concerns about the tech industry’s potential compliance with the criminalization of abortion.

Period tracking apps are used by nearly one in three women in the US, according to a 2019 survey published by the Kaiser Family Foundation, logging large swaths of information about length of menstrual cycle, types of birth control used, and other health issues.

Experts fear this data could be used by law enforcement officials to prosecute people illegally seeking abortion. While there is not yet evidence period tracking data is being used in investigations, other tech companies are already contending with law enforcement requests. Last week, it was revealed a 17-year-old teen and her mother in Nebraska are facing criminal charges after Facebook handed over data including private messages related to an abortion that the girl had obtained illegally.

The majority of the apps studied had “misleading” data-sharing policies and lacked clear guidelines on how data requests from law enforcement would be handled, the study showed.

“Most of these apps share data with a large number of third parties, and that includes everyone from advertisers and Facebook to research partners and law enforcement,” said Mozilla researcher Jen Caltrider. “This raises a lot of questions.”

Mozilla divided the apps into the camps of “not creepy” and “very creepy”, and labeled those carrying significant privacy concerns as “privacy not included”. Only three apps and four wearable devices of the more than 20 surveyed made the cut, including period tracking app Euki and Google’s Fitbit device.

Euki was described as “a sexual and reproductive health app designed with privacy in mind” and does not collect any personal data that could be investigated by law enforcement or obtained by other entities. Other apps were not so clear, the study showed.

“Most of these privacy policies feature very vague statements about whether the app will share data with law enforcement, and those gray areas are going to be increasingly exploited,” Caltrider said.

Researchers are encouraging users to read up before they choose a tracking app, and to avoid apps that collect large amounts of data regardless of what privacy practices they advertise.

“Now more than ever, consumers need to be empowered when it comes to privacy,” the study said.


Kari Paul

The GuardianTramp

Related Content

Article image
Why US women are deleting their period tracking apps
Even before the supreme court decision to overturn Roe v Wade, the trend to ditch the apps began amid fears of prosecution

Flora Garamvolgyi in Los Angeles

28, Jun, 2022 @10:00 AM

Article image
Here's how to protect your internet browsing data now that it's for sale
Congress voted to allow internet service providers to sell your browsing habits to advertisers, but there are a number of options for protecting your history

Olivia Solon in San Francisco

30, Mar, 2017 @7:40 PM

Article image
Twitter blocks government 'spy centers' from accessing user data
ACLU investigation revealed fusion centers could access monitoring tech to target activists and journalists while racially profiling people deemed ‘suspicious’

Sam Levin in San Francisco

15, Dec, 2016 @7:41 PM

Article image
Facial recognition database used by FBI is out of control, House committee hears
Database contains photos of half of US adults without consent, and algorithm is wrong nearly 15% of time and is more likely to misidentify black people

Olivia Solon in San Francisco

27, Mar, 2017 @10:00 AM

Article image
Privacy Shield deal lets US tech firms transfer European customers' data again
After much delay from surveillance concerns, the EU agreed to Privacy Shield, a new data transfer deal that will affect Facebook, Google and other US tech firms

Jemima Kiss and agencies

08, Jul, 2016 @6:43 PM

Article image
Forget Apple's fight with the FBI – our privacy catastrophe has only just begun

The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy

Cory Doctorow in Los Angeles

04, Mar, 2016 @12:00 PM

Article image
In the wake of Apple v FBI, we need to address some uncomfortable truths
A temporary truce has emerged in the raging battle between Apple and the FBI, but technology fragility and corporate power remain unaddressed

Julia Powles and Enrique Chaparro

29, Mar, 2016 @8:11 PM

Article image
ACLU finds social media sites gave data to company tracking black protesters
ACLU revealed Tuesday that Facebook, Twitter and Instagram gave ‘special access’ to Geofeedia, a controversial social media monitoring company

Sam Levin in San Francisco

11, Oct, 2016 @8:07 PM

Article image
Sorry, techies – I don’t need your gadgets in my vagina
From period trackers to a vaginal sound system, new devices imply that there is something wrong down there that needs to be monitored with constant vigilance

Julia Carrie Wong

01, Jun, 2016 @11:00 AM

Article image
Data company sued by US government amid fears of sensitive location tracking
The lawsuit against data broker Kochava seeks to halt the sale of geolocation data from hundreds of millions of devices

Guardian staff and agencies

29, Aug, 2022 @8:09 PM