This not only shifts the burden of risk assessment to individual users, but also makes evaluating the privacy and security of apps difficult to begin with. To do so, we consulted evaluation frameworks pioneered by the Beth Israel Deaconess Medical Center (MIND) and The Digital Standard to arrive at four core questions to guide our study.
Local vs. Cloud Storage
Understanding where companies store your data is pivotal to assessing the privacy risk that comes with using their products. Most popular mobile apps store user data in the cloud—across multiple servers in multiple locations—which allows them to process large amounts of easily recoverable information. It also means that your data is more vulnerable to bad actors. This is why organizations like Givens’ prefer apps that store information directly on users’ devices. If an app stores data directly on your mobile phone, you’ll have more complete control of it. None of the apps reviewed above gave users the option to store their data locally, but Euki and Mozilla Foundation-backed Drip do.
It’s also helpful to know whether data is routinely anonymized (stripped of identifying user information) before being shared with these third parties. However, this isn’t a panacea. Stripped-down data can still lead back to individual users under certain conditions. Machine learning makes this threat even more real, since the technology can speed up shady “re-identification” processes. Despite vowing to refrain from sharing user data themselves, Clue passes on anonymized data to certain third-party research groups. While Stardust expresses a commitment to limiting the information they share with third parties, their policy states it could share information in order to “comply with or respond to law enforcement,” or to protect the “security of the Company.” Ideally, apps are extremely selective with which third-parties they’re willing to share info with—or they don’t share with third-parties at all.
Every app should have established protocols that allow users to delete their personal data from the developers’ systems at will. While many US-based apps include these protocols to comply with the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), users should look out for privacy policies that clearly extend these erasure privileges to all users, regardless of location. Even so this can be tricky, says Givens: “If you’re not a resident of the jurisdiction that the law is covering, there’s no guarantee that they are going to honor it.”
If an app explicitly stores location data (like Period Calendar and Period Tracker do) it presents a greater privacy issue. While three out of the five apps analyzed here didn’t appear to save location data explicitly, each app saves users’ IP addresses, which can be used to determine someone’s general location. Flo, for example, explicitly shares IP addresses with third-parties such as AppsFlyer.
Stardust’s practices decouple users’ IP addresses from their health data, which increases security. But critics say their methods fall short of true end-to-end encryption. Regardless, when IP addresses are combined with outside data, such as a user’s search history or even other publicly available information about the user, they can easily reveal that person’s identity and their activities. The CDT and other privacy advocates have warned that users’ text messages and search histories have already been used against them in legal proceedings involving their reproductive health, and the practice is likely to expand.
The Bottom Line
At the end of the day, a period-tracking app like Clue presents users with slightly less risk than apps like Flo, Stardust, Period Calendar, and Period Tracker. However, all five of these apps, chosen for their outsize popularity, falter when compared with more secure options like Euki and Drip, as corroborated by Consumer Reports. Insofar as it’s possible for users to analyze all of their apps according to standards set forth in The Digital Standard, Mhealth Index, and elsewhere, users can make educated decisions about which companies to align with—but evaluating the risks of using specific apps is an imperfect science. In addition to being extremely time consuming and often confusing, it’s nowhere near a suitable replacement for a lack of widespread legal privacy protections available for all Americans.
According to privacy experts like Givens, period-tracking apps represent the tip of the iceberg when it comes to digital privacy and security post-Roe. The CDT recommends that people assess their own risk level in order to determine whether using a period-tracking app is even worth it. In the meantime, taking steps to secure your personal information like text messages and search histories is probably more worthwhile.
For those looking to make a difference, experts recommend advocating directly to tech companies, especially precedent-setting organizations like Google and Meta (formerly Facebook) to demand better individual protections. It’s these corporations that will eventually have to respond to requests from law enforcement for user data, and many already promise to curtail their surveillance (but also lobby aggressively against privacy legislation and regulation). To pave the way for better policy, tech companies should aim to take serious inventory of the data they’re collecting, file transparency reports regularly, and, most importantly, take public stances in defense of privacy rights early and often.