Some of the most popular reproductive health apps lack strong privacy labels and security practices, according to a report published by Mozilla Wednesday.
Mozilla gave 18 out of 25 reproductive health and fertility apps a “Privacy Not Included” warning label, meaning that these apps collect tons of personal data and then share it widely. Jen Caltrider, the lead at Mozilla’s Privacy Not Included project, said she hopes the report serves as a wake-up call for users who allow these apps to collect health data that could be used against them in a post-Roe world.
“There’s going to be a tipping point where it just becomes bad enough that people realize, ‘This is a problem that I need to take more seriously,’” Caltrider told Protocol. “Is this a tipping point where people start to realize that our privacy is gone, and it’s starting to have real-world harms?”
The organization looked at period-tracking apps, including Flo, Ovia and Glow, and found that the data that most of these apps collect includes phone numbers, IP addresses and app activity like cycle length, date of last menstrual period and pregnancy due date. The data is used to target ads toward pregnant people and expecting families. It’s also shared with third-party businesses, research institutions and sometimes even employers. Just one app, Euki, earned Mozilla’s “Best Of” badge. The app stores data locally on devices, meaning only the user has access to the information. It also has a two-entry passcode requirement.
Caltrider said the most worrying part of these apps’ data collection practices is that the information can be subpoenaed by law enforcement in abortion-related cases, which is a concern that privacy advocates have raised for some time now. Mozilla found that most apps have “vague boilerplate statements” on when and how much user data could be handed over to officers. “It is so gray right now, what can be shared [with law enforcement],” Caltrider said.
Just last week, Facebook gave Nebraska police private chats in an abortion-related case. (Facebook expanded its end-to-end encryption on Messenger shortly after; the company said that it was unrelated to the case.) Caltrider said there are other ways this data could be used. Anti-abortion protesters could hypothetically get the information from a data broker and harass individual users, she said.
Caltrider added that some companies may not have the legal resources needed to protect the data if it does get subpoenaed by law enforcement in abortion-related cases. Others, like Sprout Pregnancy, don’t even list a privacy policy on their website. “Those things feel like red flags to me,” she said.