Fertility apps share sensitive information: “Very insecure”

A majority of the most popular fertility apps collect and share sensitive data without users’ knowledge or approval, according to a study from Umeå University and Newcastle University.

In fertility apps, users can enter information related to both privacy and health, such as information about abortions, infertility and pregnancy. Although they contain sensitive data, most of the apps are listed under the category “Health and exercise” in Google Play, the app store for Android phones.

Researchers Teresa Almeida, Department of Informatics at Umeå University, and Maryam Mehrnezhad, Newcastle University’s School of Computing, have analyzed confidentiality notices and data tracking methods in 30 free fertility apps.


The apps allowed users to regularly report private information such as mental state, body temperature, sexual activity, orgasms and other health information. The researchers found that the majority of the apps did not comply with the requirements of the EU General Data Protection Regulation (GDPR).

Sharing data further

The apps also enabled tracking software immediately after they were installed, even if the user had not approved the privacy notices.

“The information that users enter is stored in a very insecure way and the default settings mean that the app can share data without the user’s consent. This makes users vulnerable and exposed in a way that they do not realize. For example, information about an abortion can reach unauthorized parties and thus pose a risk to the user,” says Teresa Almeida in a press release.


Tougher control

To ensure that users’ personal and often intimate information is not misused, the researchers are now calling for stricter control and more accurate categorization of the apps.

“The data is categorized in the GDPR as ‘sensitive personal data’ and should be handled with extra care. Authorities dealing with this type of issue need to become better at understanding the shortcomings of current rules that enable these apps,” said Teresa Almeida.

