After the fall of federal abortion protections in the US, pressure has increased on apps that collect pregnancy-related data to protect people’s privacy. A new study has found many of them don’t stand up to scrutiny.
Experts at nonprofit internet research firm Mozilla examined more than 20 pregnancy and period-tracking apps for privacy and security features and said the results were grim.
“Most of these products collect large amounts of personal data and then share it with everyone,” said Ashley Boyd, vice president of advocacy at Mozilla.
Of the 10 pregnancy apps, 10 period trackers, and five wearables reviewed in the study, only seven were rated as safe user data and privacy practices. Most collected large amounts of personal data and shared it with third parties such as data brokers and advertisers. The study also examined security practices and found that eight apps failed to meet minimum security standards and allowed weak passwords. Many apps also offered unclear guidelines on user data law enforcement orders, or did not comment on such requests.
Mozilla has been publishing the report, titled “Privacy Not Included,” for nearly a decade, but its findings have taken on new urgency after the Supreme Court overturned the Roe v Wade case this summer, effectively ending abortion rights nationwide. The decision immediately raised concerns about the tech industry’s potential compliance with the criminalization of abortion.
Period tracking apps are used by nearly one in three women in the United States, according to a 2019 survey published by the Kaiser Family Foundation, which collects large amounts of information about the length of the menstrual cycle, the types of birth control used, and other health issues.
Experts fear this data could be used by law enforcement officials to track people illegally seeking an abortion. While there is no evidence yet of time-tracking data being used in investigations, other tech companies are already battling law enforcement requests. Last week, news broke that a 17-year-old Nebraska teen and her mother are facing criminal charges after Facebook leaked data, including private messages, related to an abortion the girl obtained illegally.
The majority of the apps surveyed had “misleading” data-sharing policies and lacked clear policies on how to handle data requests from law enforcement, the study showed.
“Most of these apps share data with a large number of third parties, and that includes everyone from advertisers and Facebook to research partners and law enforcement agencies,” said Mozilla researcher Jen Caltrider. “That raises a lot of questions.”
Mozilla categorized the apps as “not creepy” and “very creepy,” and labeled those with significant privacy concerns as “privacy not included.” Only three apps and four wearable devices out of the more than 20 respondents made it, including period tracking app Euki and Google’s Fitbit device.
Euki has been described as “a sexual and reproductive health app designed with privacy in mind” and does not collect any personally identifiable information that could be investigated by law enforcement or obtained by others. Other apps weren’t as clear-cut, as the study showed.
“Most of these privacy policies are very vague about whether the app will share data with law enforcement, and these gray areas are increasingly being exploited,” Caltrider said.
Researchers encourage users to do their research before choosing a tracking app and avoid apps that collect large amounts of data, regardless of the privacy practices they advertise.
“Now more than ever, consumers need to be empowered when it comes to privacy,” the study says.