Period or pregnancy tracking apps are among those that have access to a very large amount of sensitive data. Whether it is information such as the duration of menstruation, the associated symptoms, the method of contraception used, or even the progress of a pregnancy, these applications collect them. And very often, they do not protect them enough, according to a study by the Mozilla Foundation, published on August 17, 2022.
The foundation has tested 25 apps and connected objects, and 18 of these services do not sufficiently respect the confidentiality of user data. The results, disastrous, make it possible to better realize the danger that these apps can pose – especially in countries where abortion is prohibited, and where this data could be used to prosecute women.
Police services could have access to the data
Mozilla analyzed 10 period tracking apps, 10 pregnancy tracking apps and 5 connected objects to collect fertility data. Among them, we find some of the most popular services on the market, such as Flo, Glow, Maya, or even Clue – and their results are very poor.
This first point raised is however particularly crucial. In early August 2022, an American teenager was arrested by police for having an abortion, after Facebook provided her information and private conversations to law enforcement. The story serves to illustrate how the fact that apps do not specify how the data could be used is therefore particularly worrying.
Data is not sufficiently protected
In addition to this, other points worry Mozilla. The amount of data collected is in itself a black point: in addition to tracking the symptoms that occur during menstruation and the means of contraception, some applications also collect information on the frequency of sexual intercourse, the health of users, their work, their activities and even their school career, according to the Mozilla Foundation.
In addition, apps do not always allow you to give informed consent on the amount of data collected. Mozilla even indicates that some of them force users to share information even before they have given their consent.
Finally, despite the extremely sensitive nature of the data, applications do not sufficiently protect it on users’ phones. At least 8 of them did not pass Mozilla’s test because they allowed too weak passwords to access the application, making the data even more accessible.
Clue is also pinned by Mozilla
The full Mozilla remarks and assessment of the apps is available on the foundation’s website. You can find more details for each application and each connected object, including the most worrying points.
Of the 25 services tested by Mozilla, Clue was rated as providing insufficient protection. Numerama has already talked about this German app, and even devoted a survey to it. Our criticisms were not quite the same as Mozilla’s, but we regretted its lack of transparency on a crucial point: the identity of the company in charge of storing the information collected.
If Clue’s servers are managed by a US company, that company is subject to the Cloud Act, which obliges all US-based companies to provide data requested by the authorities. If Clue’s servers are managed by Amazon, then all the protections offered by the GDPR will be useless, and the authorities will be able to seize the data. Clue never answered us on this point, and we therefore still do not know if the information of the users is really protected.
Only one app is certified as safe by Mozilla
In the end, despite all the bad ratings given and the concerns raised, there is still some good news. Connected objects protect the data they collect relatively better, and an application, Euki, has even received congratulations from Mozilla.
The app, which was created by the NGO Women Help Women, does not collect personal information about users: all data is stored directly on the phones. It is also possible to protect access to the app with a pin code — and, bonus, Euki even offers the possibility of entering a code that will display false information on the screen, in order to have as much privacy as possible. .