Period-Tracking Apps Won’t Say Whether They’ll Hand Your Data Over to Cops
The most popular period and pregnancy-tracking apps are collecting reams of information about their users-and many of them are not doing what's necessary to protect their privacy.
In the weeks since the Supreme Court overturned Roe v. Wade, privacy advocates and experts have worried that the data collected by apps meant to track pregnancy and periods could be wielded against users looking for illegal abortions. On Wednesday, Mozilla confirmed many of those fears: Researchers found that most of the period and pregnancy apps they reviewed share information about their users, and offer only vague explanations of when and how much data they will share with law enforcement.
Reproductive health apps collect a lot of very sensitive data. But what we're not seeing is companies stepping up and taking more measures to protect the privacy and security of that information," said Jen Caltrider, the lead researcher on the team behind the report. They're using mostly boilerplate privacy policy language that would apply to a recipe app or an egg-timer app and applying it, in a lot of cases, to these health apps."
In total, of the 25 apps and products Mozilla reviewed, 18 were slapped with its Privacy Not Included" label, indicating that people should be cautious of using them. Eight apps failed to even meet Mozilla's minimum security standards"; several accepted extremely weak passwords, like 1." Mozilla wasn't even able to find a privacy policy for the pregnancy app Sprout-which was recently recommended by Cosmopolitan-and said the app didn't respond to multiple emails.
The Mozilla team also looked into apps like The Bump Pregnancy Tracker & Baby App (which Mozilla says shares user data with soooo many third-parties it's rather heads spinning"), WebMD Pregnancy (which shares, and possibly sells, information on their users to third parties for advertising purposes"), and What to Expect Pregnancy Tracker (which Mozilla commends for, at least, being honest for admitting they plan to sell personal information they collect on you").
Mozilla researchers were also unimpressed by all three apps' stated approach to law enforcement, since their company policies are vaguely worded enough that Mozilla deemed it unclear if they will voluntarily comply with law enforcement requests for data or if they will only surrender data under court order.
At least one app, however, gave a clear answer about how it will handle requests from law enforcement: Ovia, a popular fertility app, indicated it will require that police show up with a subpoena and try to only provide as little info as possible.
A company like Ovia-that's a bigger company and has the resources to put together a plan, a statement, a legal plan for dealing with these," Caltrider said. I worry that some of these smaller apps aren't going to have the legal resources to push back if they get requests from law enforcement for this sort of stuff."
A relatively little-used app known as Euki" was the only one to earn Mozilla researchers' full-throated approval. Aside from storing all information about its users locally-that is, on the device itself-Euki lets users enter in a fake passcode that can trigger a false set of data.
That app was, perhaps unsurprisingly, developed by a group known as Women Help Women, which also supports groups looking to spread knowledge about self-managed abortion.
Mozilla also looked into five wearable products that can collect health information, such as Apple Watches.
Apple has a pretty good track record thus far for the most part of standing up to law enforcement requests, but that's always something to just be worried about," Caltrider said. But we didn't have huge red flags for the wearables other than they do collect a lot of data and it can be used to track you, and if it did fall into the wrong hands, it could be used to track people down who are maybe looking to terminate a pregnancy."
Motherboard has also contacted some of the period tracking apps reviewed by Mozilla and asked them about their policies regarding privacy and handing data over to law enforcement. Responses were mixed, but at least one app-Period Tracker-said that if law enforcement tried to subpoena its private user data in order to convict people for having abortions, the app would rather shut down than be accomplice to this type of government overreach and privacy violation." (Mozilla, which relies on publicly available information and reached out to Period Tracker three times with privacy-related questions, found another statement by the app that suggested it could share data with law enforcement. That statement, Mozilla concluded, is a little too vague for our comfort.")
However, period and pregnancy apps aren't the only ways that people looking to end their pregnancies illegally may get caught. Last week, Motherboard reported that cops in Nebraska had used Facebook chats, obtained from Facebook by a court order, to build a case against a 17-year-old and her mother after an alleged self-managed abortion.
The legal advocacy group If/When/How also recently found that, between 2000 and 2020, law enforcement has investigated or arrested at least 61 people for allegedly ending their own pregnancy or helping someone else do so. In 45 percent of cases, health care providers or social workers tipped off police; in another 26 percent of cases, individuals entrusted with information" alerted the cops. If/When/How didn't find a single example of cops using data from period tracking apps to catch people.
The research really clearly confirms that the biggest threat to the privacy of abortion seekers is other people," Laura Huss, senior researcher for If/When/How, told VICE News.
The best way to avoid having your data get collected by an app is, of course, to not use one in the first place-but Caltrider recognizes that going analogue isn't exactly popular these days.
I know reading privacy policies is awful and hard to understand," Caltrider said. If you're using this to try and get pregnant or try and avoid getting pregnant, be careful. Don't share any more than what you need. Don't give them any more than the bare minimum."