The 18 best reproductive health apps share their information • The Register

know about The 18 best reproductive health apps share their information • The Register

in details

It’s official: your pregnancy and/or period tracker will likely share your data with law enforcement.

Eighteen of the 25 reproductive health apps and wearable devices reviewed by Mozilla received a *Privacy not included warning label, which means they are problematic when it comes to protecting users’ privacy and security.

This is especially concerning in the post-Roe United States, where this information could be used by law enforcement (or private bounty hunters seeking $10,000 rewards) to arrest women seeking abortion information or services in states where the procedure is now banned, according to Jen Caltrider, a senior researcher at Mozilla.

“I keep coming back to sharing with law enforcement,” Caltrider said in an interview with Register. She pointed to a recent case, in which law enforcement used private Facebook chats between a Nebraska mother and her daughter to build a criminal case against the teen for having a now-illegal abortion in her home state. .

“It’s not exactly the same, but it’s a harbinger of things to come,” Caltrider said. “And it’s really troubling to think that this is the world we live in, and you have to trust the Facebooks and What to Expects and Flos of the world to protect your data.”

For its latest *Privacy Not Included guide (it has compiled several of these to help consumers buy relatively safe and less creepy products and apps that connect to the Internet), Mozilla researchers chose ten popular period-tracking apps, ten pregnancy tracking apps and five health and fitness wearable devices that track fertility.

Eight of the period trackers reviewed (Period Tracker, Clue, Flo, My Calendar Period Tracker, Glow and Eve by Glow, Maya, Ovia Fertility, and Period Calendar Period Tracker) earned a *Privacy Not Included warning label. The two that didn’t are Natural Cycles and Euki, the latter of which was the only app to earn a spot in Mozilla’s “Best Of” category.

“We include Expect – which is a privacy-focused app that has the fewest downloads of any app on our list, unfortunately – because we wanted to highlight a privacy-focused app so people could see what the good looks like in the sea of ​​no so good,” explained Caltrider.

See also  How will the Supreme Court's Dodds decision affect women of color?

Euki does not collect any personal information about users, and all data it requests from users about their reproductive health and sexual history is stored locally on the device. Also, if someone who doesn’t want to see your reproductive health data (for example, a police officer or an abusive partner) asks you to open Euki, entering “0000” when you open the app will display false information.

10 out of 10 pregnancy apps slapped with warning labels

Meanwhile, all ten pregnancy tracker policies got warning labels: Babycenter, What to Expect, The Bump Pregnancy Tracker and Baby app, Pregnancy+, Ovia Pregnancy, PregLife Pregnancy, WebMD Pregnancy, Glow Nurture, and Glow Baby, Pregnancy and Due. Date Tracker and outbreak.

Wearable devices (Garmin, Fitbit, Apple Watch, Oura Ring, and Whoop Strap) performed better, and none of them earned the privacy warning label.

researchers selected Top 25 apps and wearable devices based on the number of downloads and reviews from consumer product websites and magazines, essentially looking for the ones most likely to be used by North American and European consumers.

“The way we chose them was by looking at what was most popular and what would likely help us reach a large audience to help them understand the concerns,” said Caltrider, pointing to Euki as the one exception to this rule.

After choosing the apps and products to review, the team assigned warning labels to those that received two or more warnings on criteria such as how the company uses the data collects, for example, by buying and selling to data brokers.

Mozilla also criticizes companies if they don’t have a clear way of users to delete their data and if they don’t say how long they retain user data. In addition, these guides examine the company’s track record in protecting user data.

Finally, the product must meet Mozilla requirements Minimum security standards.

Despite the highly sensitive nature of the data collected, such as the dates of menstrual cycles, ovulation windows, sexual activity, pregnancies, and miscarriages, at least eight apps did not meet even these minimum standards.

See also  How Big America Is Creating an Abortion Profit

For example, My Calendar Period Tracker and Maya accept a one-digit password like “1”, while Preglife, which requires a minimum of six digits, allows sequential passwords like “111111”.

What will the apps share with the police?

Equally troubling is that most apps don’t have clear guidelines about when and how much user data they will share with US law enforcement. They collect massive amounts of personal data to target users with personalized ads, but this information also can be used to locate women seeking abortions.

The personal information collected includes phone numbers, emails, postal addresses, gender, device IDs, advertising IDs and IP addresses, length of menstrual cycle, date of last menstrual period, sexual activity, expected dates of pregnancy, medical appointments and pregnancy symptoms.

“Most were pretty vague in terms of whether we get a request from law enforcement, can we share data, and sometimes they mention citations,” Caltrider said. “But it was rarely clear whether companies would make a voluntary disclosure to law enforcement, or only disclose data with a court order, and how they limited the scope of law enforcement or government requests.”

Ovia is one of those pregnancy apps that the Mozilla team said does it a good job of explaining how the company handles law enforcement requests for user data. Specifically, it will not voluntarily disclose user data, requires subpoenas or other valid and legally binding court orders, and will not provide data beyond the scope of the request.

But ultimately, the government will be able to see its expiration date as long as the data request comes with a judge’s approval.

Another pregnancy tracking app, Clue, developed in Germany and subject to Europe’s strictest GDPR privacy laws, outlines how the company protects user data from possible subpoenas. But there is a geographical catch.

“With respect to the United States specifically, the information that we and our processors maintain is unlikely to be subject to investigation by a public authority in the US that would invoke such laws that may compel a processor to hand over information The risk of such disclosure, however, cannot be eliminated,” the app states.

It’s also worth noting that Mozilla researchers slapped these two pregnancy apps, Ovia and Clue, with the privacy warning.

anonymize all

Natural Cycles, a birth control app based in Sweden, did not receive the privacy warning label. Caltrider said that when he approached the company, his representatives indicated that the question of what they will share with law enforcement is something they have been wrestling with. Their solution is to completely anonymize all user data so they cannot be shared with the police.

See also  Major reproductive rights groups refuse to recognize their unions

“So it’s interesting and exciting to see how they’re going to pull it off technically,” Caltrider told us. “I hope it’s something that, if they can do it, other companies will replicate.”

In addition to concerns about being arrested for not carrying a fetus to term, there are also more basic privacy issues related to third parties obtaining and then reselling massive volumes of personal information.

Some apps collect additional user data through social media platforms and sell it to data brokers. And according to Mozilla, most of the reviewed apps also shared data for research purposes and, in some cases, with employers.

While none of these are privacy issues specific to abortion, perhaps the US Supreme Court’s decision to overturn Roe v Wade puts a finer point on the ramifications of digital surveillance. The same is happening in other countries that are restricting reproductive rights.

“Is this the tipping point? We started *Privacy Not Included in 2017, and I’ve been a privacy nerd here who wants people to care about privacy and go blank,” Caltrider lamented. “Or I’ll be like, ‘What’s the worst that can happen? These ads follow me and I’m okay with that. What’s the problem?'”

So far, there really hasn’t been much, he admitted. But now that everything from reproductive health apps to smartphones to location trackers to Google searches to Ring Doorbell cameras can be used to build a case about people seeking abortions, it’s a big deal.

Caltrider knows that a common response to this concern is, “I’m not seeking an abortion because it doesn’t affect me.”

“It’s not really hard to think how this could be used in other things like buying weapons or financial things,” he said. “It’s gotten to a point where law enforcement and government can access this data and use it to harass, arrest, prosecute, and it’s terrifying.” ®