Fertility apps share sensitive information: “Very insecure”

A majority of the most popular fertility apps collect and share sensitive data – without users’ knowledge or approval. It shows a study from Umeå University and Newcastle University.

In the fertility apps, users can enter information related to both privacy and health, such as information about abortions, infertility and pregnancy. Although they contain sensitive data, most of the apps are sorted under the category “Health and exercise” in the Android phones’ app store Google Play.

Researchers Teresa Almeida, Department of Informatics at Umeå University, and Maryam Mehrnezhad, Newcastle University’s School of Computing, have analyzed confidentiality notices and data tracking methods in 30 free fertility apps.

Read more: Large security gap in Stockholm City’s IT system – vulnerable to attacks

The apps allowed users to regularly report private information such as mental state, body temperature, sexual activity, orgasms and other health information, and the researchers were able to see that the majority of them did not comply with the requirements of the EU Data Protection Regulation (GDPR).

Sharing data further

The apps also enabled tracking software immediately after they were installed, even if the user had not approved the privacy notices.

“The information that users enter is stored in a very insecure way and the default settings mean that the app can share data without the user’s consent. This makes users vulnerable and exposed in a way that they do not realize. For example, information about an abortion can reach unauthorized and thus pose a risk to the user “, says Teresa Almeida in a press release.

Maryam Mehrnezhad and Teresa Almeida are researchers at Newcastle University and Umeå University, respectively. Press image. Photo: Umeå University

Tougher control

In order to ensure that users’ personal and often intimate information is not misused, researchers are now calling for stricter control and more accurate categorization of the apps.

“The data is categorized in the GDPR as ‘sensitive personal data’ and should be handled with extra care. Authorities dealing with this type of issue need to become better at understanding the shortcomings of current rules that enable these apps,” said Teresa Almeida.


Why is lightning bolt-shaped?

New research explains why lightning moves in steps and takes on its special shape. The answer may lie in the oxygen molecules in the atmosphere. Every second beats approx 100 flashes down the world around. Lightning can contain up to a billion volts and moves in segments of about 50 meters each from the clouds […]