In a post-Roe world, now that abortion is illegal and restricted in most states, Americans have grown concerned about the privacy protections their favorite period and pregnancy apps provide. It appears that concern is warranted, as a report from Mozilla has found most popular cycle tracking apps don’t protect their users’ privacy at all.
Researchers at the Mozilla Foundation, a non-profit organization best known for the Firefox browser which now works to promote an open internet, analyzed 25 reproductive health apps and wearables that could potentially collect sensitive data and share it with third parties, and that includes authorities who may use it to prosecute people who cross state lines to seek abortions. The report found that the majority of those apps — 18 of them — weren’t clear on what data they would share with law enforcement and when.
The apps that raised those red flags include Clue, Flo, Glow, and Maya Period, Fertility, Ovulation, & Pregnancy. To give you some context on their popularity, Clue was downloaded more than 10 million times from Google Play Store, while Flo was downloaded 50 million times; Glow was downloaded over 1 million times; and Maya was downloaded 5 million times.
“Best practices for privacy by design and by default have existed for a while, but most of the leading reproductive health apps chose to ignore them,” researcher Misha Rykov said in a statement. “This is scary when even the baseline security is shaky in apps used by millions of women post-Roe vs Wade.”
Clue receiving a warning label is shocking because, as a German company, it adheres to the European General Data Protection Regulation law, therefore it’s not subject to U.S. law. Despite assuring its users that it does not sell their data, Mozilla found that Clue’s privacy policy falls short of using a unique identifier and users’ birth dates to track them for advertising and personalization purposes.
Two of the period tracking apps that passed the privacy test are Euki and Natural Cycles. The coolest part about Euki is if you don’t want anyone to see your data upon request, you type “0000” and it’ll display a false screen. As far as wearables go, Mozilla found five of them safe to use, including the Apple Watch, the Oura Ring, the Whoop Strap, and models from Fitbit and Garmin. Apple has an excellent track record of pushing back against data requests from law enforcement.