It’s often difficult for consumers to get clear, actionable information from companies about the security and privacy of their connected products. That’s why the Mozilla Foundation launched the “Privacy Not Included” buyer’s guide in 2017 with the goal of helping them buy these connected products intelligently and safely. In the latest guide, released Aug. 17, the Mozilla Foundation screens 25 pregnancy and menstrual cycle tracking apps, and alerts on 18 of them.

The Internet is a powerful and fast communication medium. In an ideal world, it could only benefit humanity, but certain abuses have made it a vector for spreading false information, inciting hatred, racism and violence. The Mozilla Foundation is dedicated to keeping the Internet an open, accessible, global public resource and a force for good.

Since 2019, it has focused its work on developing reliable, trustworthy AI. To that end, it is focusing its efforts on three specific areas: transparency, data management, and bias.

Mozilla’s “Privacy Not Included” Buyer’s Guide

For the “Privacy Not Included” guide, the Mozilla Foundation does not test connected technology objects, it examines all publicly available information to see if they meet the privacy and security criteria that consumers have a right to expect.

Its technical expertise has enabled it to create a set of minimum security standards that all products should meet in order to be offered for sale: the use of encryption, automatic security updates, a requirement for strong passwords, a system for managing vulnerabilities and an accessible privacy policy.

The “Privacy Non Included” warning label is given to products that do not meet privacy and security requirements, while the Best Of category is for products that Mozilla approves. The Foundation also created a Creep-O-Meter, a user rating on each product to allow users to share their opinions.

The survey on pregnancy, period and wearable device tracking applications

It is in a particular context that Mozilla published the results of this research on August 17: Bloomberg had revealed the week before that a 17-year-old girl and her mother were prosecuted for illegal abortion in the state of Nebraska. This one had taken place after the overturning of Roe v. Wade, which recognized abortion, the prosecution was able to proceed because Facebook forwarded their private messages to the police.

Mozilla researched ten popular period tracking apps, ten pregnancy tracking apps, and five wearable health and fitness devices that track fertility, including Flo, Glow, Ovia, Period Calendar Period Tracker and My Calendar Period Tracker.

These apps are used by millions of women today for their ease of use and customizability. They track menstrual cycles, ovulation windows and plan or prevent pregnancies, but on the other hand, collect huge amounts of data and are often used to target pregnant and expecting families with numerous ads. In addition, this data is widely shared with third party companies, research institutes…

Most of the apps studied have opaque privacy policies and no clear policy on data sharing practices with law enforcement. For example, Mozilla found that Sprout Pregnancy, which allows women to create personal pregnancy calendars and collects data such as weight, doctor’s appointments, birth plan, and pregnancy logs, does not even have a privacy policy. Eighteen apps were labeled “Privacy Non Included,” eight did not even meet minimum security standards, Euki was the only app that earned a spot in the “Best Of” category.

On the other hand, none of the wearable devices reviewed by Mozilla – Garmin, Fitbit, Apple Watch, Oura Ring, and Whoop Strap – received the Privacy Warning label.

Ashley Boyd, Mozilla’s vice president of advocacy, states:

“Overnight, apps and devices that millions of people trust have the potential to be used to track people seeking abortions. Our research confirms that users should think twice about using most reproductive health apps; their privacy policies are riddled with loopholes and they fail to properly secure intimate data.”

Jen Caltrider, head of Privacy Not Included adds:

“Companies that collect personal and sensitive health information need to be more diligent when it comes to the privacy and security of the personal information they collect, especially now in our post-Roe vs. Wade world in the U.S. Unfortunately, too many of them are not. That’s scary.”

Translated from Données et santé : le guide de l’acheteur de Mozilla alerte sur 18 applications de suivi de grossesse et de règles