Privacy in reproductive health apps

Why you shouldn’t trust a random period-tracking app, and what to look out for when choosing one.

Period-tracking apps share your data

Reproductive health apps have long since ceased to be a simple online menstrual cycle calendar. Now they’re much more than that: today’s apps monitor changes in the body from first menstruation to menopause, help prepare for pregnancy (or prevent an unwanted one), and much else besides. Formerly mostly electronic replacements for paper calendars and notepads, they’ve become an important tool for spotting signs of mental and physical health issues in the early stages.

To get the most out of a reproductive health app, the user must regularly provide a lot of personal information about their condition that they sure wouldn’t want to become public knowledge. And so the question arises: to what degree can you trust the developers of such applications and devices? Unfortunately, the answer isn’t exactly reassuring.

Tarnished reputation

Blind faith in reproductive health apps is not recommended, because developers have repeatedly betrayed the trust of users. In 2020 we wrote about two quite popular apps — Maya and MIA — that shared users’ personal information with Facebook.

Generally, apps can share their data with third parties for marketing, research, or other purposes after getting the user’s consent. Usually users give this consent by accepting the privacy policy. The problem is that Maya and MIA linked up to analytics platforms when first launched, and these forwarded private data to the aforementioned social network. In other words, it happened before the user was even given the chance to read the privacy policy and agree (or not) to the transfer of their data.

Maya and MIA are not the only apps accused of neglecting user privacy. In September 2020 journalists at The Wall Street Journal analyzed the data-sharing activity of a number of apps. The analysis revealed that Flo, another major reproductive health application, shared information directly related to users’ health (for example, date of menstruation onset or start of pregnancy planning) — again with Facebook.

But why does a major corporation need all this information, and should it bother you anyway? First of all, some data (pregnancy-related, for example) can be useful for more accurate targeted advertising. Advertising targeting pregnant people costs ten times more, as they’re likely planning on spending a lot on new stuff they’ll need for the new addition to the family. Second, even for those who don’t see targeted advertising as a bad thing, the disclosure of such intimate information can impact the cost of health insurance, potential employment, and more.

The issue of data-sharing by reproductive health apps escalated this year with the U.S. Supreme Court’s overturning of the Roe v. Wade ruling, which guaranteed people in the U.S. the right to an abortion. As a consequence of this decision, several states immediately criminalized abortion. It also sparked a debate about data protection in period tracking apps. The fear is that companies could be asked to hand over users’ health data to law enforcement agencies. If such a request were granted, the information could be used as evidence in court.

Okay, so what do I do?

All this has inevitably prompted a wave of studies on reproductive health-app security. For example, the Mozilla Foundation analyzed the security and privacy of 25 popular apps and devices with the relevant features. So surely that’s the solution right there: simply consult such a list, choose the most secure option, and that’s it. Unfortunately, the privacy policy and security features of a single reproductive health app may differ from country to country — that is, there’s no definitive data on all the apps because it depends on the region you live in. For this reason, we’ve tried to compile some general tips to help you choose the safest app.

Read the privacy policy

Before downloading an app and feeding it very private information about yourself, it’s vital that you read the privacy policy. This can be found in the app description in the App Store and on Google Play — usually somewhere at the bottom of the page.

Admittedly, this is no fun: it’s likely to contain legalese. But when it comes to your reproductive health, we strongly advise that you take the time to go through it. And in doing so, pay attention to the following details:

  • How and where the app stores the information it collects. There are two possibilities: directly on your device, or somewhere on the developer’s servers. The former is definitely preferable.
  • If the app of your choice does store data on a server, it’s important to look at what information about you it intends to (and probably will) use for marketing and research purposes. Make sure this data is not directly health-related.
  • It’s also good if the app gives assurances to share your data with analytics platforms only in anonymized form. Sure, data anonymization is another gray area, and experts often note that new techniques make it possible to re-identify users. All the same, it does offer some kind of privacy protection.
  • It’s not uncommon for app privacy policies to refer to specific laws. If so, look up some information about them. For example, it’s a good sign if the app’s policy says it complies with the EU’s General Data Protection Regulation (GDPR).

Check apps’ reputations

You may find the current privacy policy satisfactory, but it’s useful all the same to investigate the app’s background. Maybe it used to share users’ health data (like Flo did) or suffered a major leak. Of course past mistakes don’t mean the app can never be trusted again. But if there are any foul-ups, it’s important to find out how the developers responded, and whether they took appropriate measures to prevent a recurrence.

Ensure login security

An app needs password or biometric authentication. After all, if your phone fell into the wrong hands, a stranger would have access to your very personal data. Moreover, having a password can help out in case of reproductive abuse. And it’s a bonus if the app checks the strength of your password. For example, the Mozilla Foundation, in its assessment of reproductive health apps and devices, looked to see if they allowed weak passwords, such as “0000”. Indeed, in a program you’ll entrust with a lot of private data, it’s better to set a strong password.

Decide what you don’t want to share

Think about what kind of data period-tracking apps generally need. Besides a simple calendar for recording your menstrual cycle, they usually offer to monitor associated symptoms, and assist with pregnancy planning (or, conversely, contraception). It’s important to understand what data the app really requires for your specific needs. For example, if an app with which you’re trying to plan a pregnancy is interested in your preferences in manicure, most likely it shouldn’t be trusted.

Be careful with external links

The authors of almost every application integrate links to resources of external partners. As regards reproductive health apps, these can be, among others, online stores or medical institutions. Remember that the program’s privacy policy doesn’t apply to them. So, when following external links — even from a trusted app — be on your guard.

So, what to choose?

Selecting the right reproductive health application is no easy task and requires a fair bit of research. If you lack the time or inclination, you could do far worse than heeding the advice of those who’ve already investigated the topic. For example, among the apps studied by the Mozilla Foundation, the standout is Euki, created by the international non-profit Women Help Women. It meets all the criteria we’ve touched upon, and has other interesting privacy features to boot.
