Fertility apps share sensitive information: “Very insecure”

A majority of the most popular fertility apps collect and share sensitive data without users’ knowledge or approval, according to a study from Umeå University and Newcastle University.

In fertility apps, users can enter private and health-related information, such as information about abortions, infertility and pregnancy. Although they contain sensitive data, most of the apps are listed under the category “Health and exercise” in Google Play, the app store for Android phones.

Researchers Teresa Almeida, Department of Informatics at Umeå University, and Maryam Mehrnezhad, Newcastle University’s School of Computing, have analyzed confidentiality notices and data tracking methods in 30 free fertility apps.


The apps allowed users to regularly report private information such as mental state, body temperature, sexual activity, orgasms and other health information, and the researchers were able to see that the majority of them did not comply with the requirements of the EU Data Protection Regulation (GDPR).

Sharing data further

The apps also enabled tracking software immediately after they were installed, even if the user had not approved the privacy notices.

“The information that users enter is stored in a very insecure way and the default settings mean that the app can share data without the user’s consent. This makes users vulnerable and exposed in a way that they do not realize. For example, information about an abortion can reach unauthorized parties and thus pose a risk to the user,” says Teresa Almeida in a press release.


Tougher control

To ensure that users’ personal and often intimate information is not misused, the researchers are now calling for stricter control and more accurate categorization of the apps.

“The data is categorized in the GDPR as ‘sensitive personal data’ and should be handled with extra care. Authorities dealing with this type of issue need to become better at understanding the shortcomings of current rules that enable these apps,” said Teresa Almeida.

