Log on to your Apple Store or Google Play account, and you’ll find dozens of apps that say they’ll keep track of your time of the month or that’ll help you know the status of your little bun in the oven. They’re also keeping track of you, and it’s become increasingly apparent since the US The Supreme Court ended the right to safe abortion by overturning Roe v. Wademany companies don’t hesitate to sell your pregnancy info to the highest bidder.
Mozilla privacy researchers dove into 25 appsincluding 10 period trackers, 10 pregnancy tracking apps, and another five health apps that also have pregnancy and period tracking capabilities, to see how willing they are to part with user data, whether it’s for commercial or law enforcement purposes. Of those 25, the company stamped 18 of them with a “privacy not included” stamp.
Most apps were knocked for how they stored user data—through internal servers—as well as privacy policies that mentioned users’ data could be up for grabs. Researchers took into account how much information apps keep track of and whether those applications make specific mention of policies for dealing with law enforcement data requests.
The reports on individual apps were released last week, and Mozilla announced Wednesday that—overall—they found most apps did not have clear guidelines for how they will handle inquiries from cops who might be trying to prosecute women for getting or even seeking an abortion. In a statement, one of the two Privacy Not Included researchers, Misha Rykov, said: “Best practices for privacy by design have existed for a while, but most of the leading reproductive health apps chose to ignore them.”
Of all the 10 pregnancy apps considered, none met researchers’ privacy standards.
G/O Media may get a commission
Back to School
Back to School Month with Govee Sale
Decorate your dorm
You may not be allowed to paint your dorm room walls when you get back to school, but no one can stop you from painting them with light! Govee has a ton of different RGB smart lights on sale just for the occasion as the first week of school approaches.
Jen Caltrider, the head researcher of Privacy Not Included, told Gizmodo in a Zoom interview that some apps were especially egregious. The What to Expect app, which has been praised by sites like Forbes“like[s] to collect as much data as they can, and they like to use that data to sell you as much stuff as they can.” Another, the Maya Fertility appwas dinged for out and out admitting it shares its data for targeted advertising.
“A lot of these companies have very vague language about if they will share this data [with law enforcement]Caltrider said. “They don’t mention if they’re requiring a court order. They don’t clarify if they’re going to do voluntary disclosure.”
These apps share user data with cops if they believe there’s potential harm to their business or to others people. The researcher asked an open but pertinent question: “In states where abortion is now illegal, does that include the fetus?”
Researchers put a special knock against the pregnancy tracking app Sprout Pregnancy, noting that the app had a very bare privacy policy only found deep in Sprout’s terms of service. That’s compared to some of Sprout’s other baby care and period tracking apps that have much better defined policies.
A representative for Sprout told Gizmodo in an email that the app’s privacy policy is displayed when the app is loaded for the first time, and is available on the company’s main page (you may have to squint, it’s very small and short). The company further said that any data requests would need to be submitted to Apple or Google since “all personal data is only stored on the user’s iCloud or Google Drive account only.” Although even the page the company linked to says user data is stored on its own servers, and the company “does not represent or guarantee that your personal information could not become available to third parties.”
On the flip side, researchers tried to include apps that others could aspire to. They proposed users look at the nonprofit Women Help Woman International Foundation’s Euki app because it claims it stores user data locally on devices. Researchers also noted Euki allows users to show fake data in case they’re coerced to open the app.
Apps Have Caught Flak For Open User Data Policies
Mozilla’s not the first organization to try and understand how much data pregnancy-related apps are keeping on their usersand whether they’d be willing to hand over that data to the police to prosecute those seeking an abortion. Other popular apps downloaded millions of times have previously been called out in reports for their open-armed approach to any law enforcement data requests.
That data is also likely to be shared with data brokers. Abortion seekers have had theirs data pawned off and then reconstructed to create a profile that advertisers can use to bombard them with direct marketing. Gizmodo has previously reported on dozens of companies selling information related to pregnancies on the open data market. A good amount of the data these brokers were selling came directly from users who agreed to hand it over when signing up for coupon sites or the like, while others were modeling these user bases through shopping data analysis. Legal experts we spoke to were incredibly concerned how the police or overzealous prosecutors could potentially use this commercial data to prosecute abortion cases.
So is it likely these apps are contributing to online commercial data? Well, it’s hard to determine exactly how data brokers create their user profiles without seeing each company’s individual data gathering mechanisms. Still, Mozilla researchers noted apps like WebMD Pregnancy sell their users’ data for advertising purposes. And of course, law enforcement is interested in online information for the purpose of prosecuting pregnancies. Police recently used information gleaned from Meta to help bring charges against a Nebraska teen and her mother for allegedly committing an “illegal” abortion.
Meta and its premiere social app Facebook have been under the microscope for a while for their open willingness to share user data, and that includes data from pregnancy apps. Researchers noted that the company behind the Flo Ovulation & Period Tracker app caught flak for sharing period data with Facebook and Google. Well, even that bad press hasn’t stopped them from sharing user data for marketing purposes, though its privacy policy does mention it requires user consent.
Even though Flo and other apps have made some announced efforts in the post-Roe age to protect data, there’s just so many ways that user information stored on apps’ internal servers could get out, whether it’s through a leak, law enforcement data request, or a court subpoena.
And even with the constant bad press going around, companies are unlikely to drop the lucrative business of selling consumer data when the pregnancy products market is expected to reach close to $400 million in the next five years.
“Being pregnant and about ready to give birth is a huge marketing segment,” Caltrider said. “You might be comfortable with Facebook knowing when you start your period, if you’re pregnant, or when your due date is. If you’re not, then you should be very careful with what apps you decide to use.”