Popular Women’s Health Apps May Misuse Your Medical and Fertility Data

Key Points

• Apps designed for female health monitoring often ask for sensitive data about menstruation and pregnancy history, as well as personally identifiable information.
• A new study shows privacy policies for women's health applications don't clearly explain to users how their data is used or shared.
• Researchers indicate the mishandling of medical and fertility data could put women at risk now that there is a total abortion ban in 14 states in the U.S.

When you share or receive details about your menstrual cycles or fertility with a healthcare provider, you can trust that information will be securely protected under state and federal laws.

However, there's not the same guarantee when you share medical and fertility data with a health app.

Here's how to tell if you're using a privacy invader app and how that could impact your safety.

What kind of sensitive information are women's health apps requesting?

Many of the most popular female health monitoring tools may put users at risk through poor data handling practices, indicated a 2024 study.

The study by researchers at University College London (UCL) and King's College London examined 20 of the most popular apps designed for female health monitoring in the United Kingdom and the United States.

Apps to track your period, sexual activity, or ovulation ask for a variety of sensitive health data and personally identifiable information, researchers found.

Examples of this type of personal information include the following:

• First and last name
• Email address
• Phone number
• Start and end dates of menstrual cycles
• Dates of sexual intercourse
• Pregnancy status
• Miscarriage history
• Abortion history

Some apps don't let users delete this data after entry, while others make it difficult to do so, the researchers discovered. Certain apps require a user to input whether they've had a miscarriage or abortion if they want to delete specific information, such as their pregnancy status.

"Requiring users to disclose sensitive or potentially criminalizing information as a pre-condition to deleting data is an extremely poor privacy practice with dire safety implications. It removes any form of meaningful consent offered to users," said lead study author Ruba Abu-Salma, Ph.D., from King's College London, in a statement.

Aside from the information you voluntarily enter, a privacy invader app can collect data from your mobile device, such as your IPS address and information about how you use the app, such as the pages you access.

Some apps link users' sensitive data to external web searches and browsing to collect even more information, which researchers noted could jeopardize users' anonymity and potentially reveal their fertility status.

The study authors found glaring contradictions between the wording in most apps' privacy policies and in-app pages.

For example, 35 percent of apps claimed in their data safety sections that they didn't share personal data with third parties yet described some degree of third-party sharing in their privacy policies.

Researchers also found many so-called "healthtracker" apps didn't transparently explain their data policies. Fifty percent of the apps in the study explicitly stated that they wouldn't share users' health data with advertisers but were ambiguous about what they might do with other data types.

Also, 45 percent of apps claimed they vetted all third-party partners but specifically noted that they did not accept any responsibility for those partners' practices.

Recommended

• How Tech Is Making Menopause a No-Sweat Lifestage: Surprise: Silicon Valley is ready to capitalize on women entering menopause in a multibillion-dollar market.
• Women's Sexual Health Is All-Encompassing: Physical health, mental health, libido and fertility are all key aspects of a healthy sex life.
• Why You Should Definitely be Tracking Your Period: Your period is like a monthly report card, telling you so much about your health.

What do women's health apps do with sensitive data?

There are certain legal restrictions about how companies can use the data they collect, but those constraints can vary by location.

Some healthtracker apps sell data to third parties. For example, a company that sells fertility supplements might purchase data from an app that helps you track ovulation to determine your fertility window to produce targeted ads.

However, even if an app doesn't sell data, it may share some information—such as your IP address and how you use it—to certain third parties for advertising or research and development purposes.

Although that data isn't necessarily sensitive, researchers said the lack of transparency about what specific information is being shared is concerning.

"It could just be, 'Oh, the user logged in.' Or it could also be, 'They opened an article about contraception or pregnancy.' And that could be used to create inferences about users and predictions that are actually quite sensitive," study coauthor Lisa Mekioussa Malki, a computer science researcher at UCL, told Science News.

"It's absolutely not reasonable to expect that the user would have a perfectly airtight understanding just based off reading a privacy policy," Malki said.

In many cases, law enforcement or security forces can access information gathered by these apps.

Researchers noted that only one mobile app privacy policy explicitly addressed the fact that law enforcement could potentially use reproductive health data, also making clear that the company would make its best efforts to protect users from prosecution.

The study authors emphasized how crucial these details are in a post-Roe America.

"There is a tendency by app developers to treat period and fertility data as 'another piece of data' as opposed to uniquely sensitive data which has the potential to stigmatize or criminalize users," Malki said in a statement.

"Increasingly risky political climates warrant a greater degree of stewardship over the safety of users and innovation around how we might overcome the dominant model of 'notice and consent' which currently places a disproportionate privacy burden on users," Malki said.

"Legal threats aren't the only risk of using a privacy invader app," Abu-Salma said. "Other consequences of sensitive data leaks could include workplace monitoring and discrimination, health insurance discrimination, blackmail, stalking and intimate partner violence."

Is it OK to use a health app?

Like wearable exercise technology, reproductive health apps are incredibly popular.

About 50 million women worldwide use period tracking apps, and millions more use similar tools to manage other facets of reproductive and sexual health, shared a 2023 report.

A poll published by the Information Commissioner's Office (ICO) in September 2023 revealed about one-third of women in the U.K. had used period or fertility tracking apps.

A similar survey of 206 women ages 18 to 60 carried out a month later in the U.S. indicated 110 were currently using menstrual tracking apps, while 48 had used them in the past, shared the 2023 survey.

More than one-third of the respondents in the second survey said they'd reconsidered using such apps because of recent events and concerns about data privacy.

Researchers said the onus is on app developers to create more ethical technology, but you can also take measures to avoid using a privacy invader app without giving up these tools entirely.

The Federal Trade Commission (FTC) offers the following tips to stay safe:

• Compare apps: The worst apps for privacy tend to be those that explicitly sell data to third parties or aren't clear about what information they use or share. By contrast, a good mobile app privacy policy should simply explain what kinds of information the app collects and how it uses and shares that data. If the app shares data, it should say why and specify what others can or can't do with it.
• Take control of your sensitive data: Go to the app's settings to see if it gives you control over what information it collects and shares. Default settings usually encourage sharing, but you should be able to opt out of certain things, like providing your location.
• Stay on top of updates: App providers sometimes issue updates to fix privacy or security problems. Keeping your app and phone's operating system up to date can help safeguard your sensitive information.
• Recognize the risks: Sharing sensitive information, including medical and fertility data, always comes with risks. Think carefully about what might happen if someone had access to your data and weigh that against the benefits of using the app. Understanding the laws in your location can help you make an informed decision.
• Report concerns: If you have reason to believe an app isn't upholding its promises to safeguard users, inform the FTC.

There are ways to track female fertility, periods and other aspects of sexual and reproductive health without using apps.

You can, for example, mark the start and end dates of your period on a calendar, keep a journal of menstrual symptoms and use your basal body temperature to monitor fertility (though it isn't an accurate birth control option).

The bottom line

Apps can make many things easier, including monitoring period problems or syncing your workouts with your menstrual cycles. However, they're neither risk-free nor a substitute for medical advice.

Take some time to read through the settings of the app you're using, especially the sections that relate to privacy and data usage.

You may be able to live with any data shared on an aggregate basis, such as "40 percent of our users have their periods in the first 15 days of each month," but you should know if your menstrual cycle details are shared alongside personally identifiable information.