What Your Period Tracker App Knows About You
These apps are popular, but they raise concerns about what happens to the very personal data they collect
After Catherine Feintuch gave birth to her second child, a son now 2, she downloaded a free app called Flo to her smartphone to help her track her menstrual cycle. To see whether her cycle had returned to normal and to create a reliable record to discuss with her gynecologist, she input data about her period, including dates and flow levels.
Hoping to keep her information private, the 33-year-old infectious disease researcher chose to use the app anonymously, opting not to register with her email address and create an account. Still, she wonders whether some of her personal information may be getting out into the wider world.
“I understand that the app is free and I’m giving them my data in exchange for getting the service,” Feintuch says. “But I don’t know what else the data I am giving them is being used for, or if the app is accessing other information on my phone.”
Feintuch, one of about 50 million women worldwide who use a period tracker app, is right to be concerned.
But none guarantee that all of your information will be used only in ways you intend. That’s because they all share some user data with external partners for purposes such as targeted advertising. And those partners may then share or resell your personal information to third parties who make no promises to you about how they handle it.
CR’s Digital Lab also found shortcomings among all five apps in how they protect the sensitive user data they gather—though when CR alerted the companies to these findings, some moved quickly to make fixes. (See the chart below for details on what we found.)
“Consumers have a choice when it comes to using health apps,” says CR’s Mendelsohn. “They should be aware that information shared with health apps like these have the same data privacy rights as with any other app—which is very little.”
Here’s what you need to know about privacy issues with period tracking apps, what CR’s analysis found, and ways to protect your information.
The Growth of 'Femtech'
Period trackers have been used by nearly a third of women in the U.S., according to a recent Kaiser Family Foundation survey. They are part of the burgeoning market for “femtech,” which are technology-based products and services focused on women’s health. The market for all digital tools for women’s health needs—such as apps for personalized nutrition advice, weight-loss coaching, and high-tech breast pumps that record when and how much is pumped—could be worth as much as $50 billion by 2025, according to Frost & Sullivan, a research and consulting firm.
Period trackers can be used for a wide variety of reasons in addition to monitoring menstruation. Professional athletes, such as those on the U.S. women's soccer team and several British Olympic hockey gold medalists, use them to tailor workouts and nutrition plans to their body's cycles. Clue, Ovia, and Flo say that medical researchers use anonymized information from the apps to study women’s health concerns. Some even have features that manufacturers claim will help diagnose medical conditions. Flo and Clue recently introduced tools to assess a user’s risk of polycystic ovary syndrome (PCOS), a hormone disorder that can affect a woman's fertility.
All five apps are free, but Clue offers a subscription version that allows you to chat with other users and get discounts or free products like tampons. Flo’s subscription service provides extra features such as period predictions and health reports you can share with your doctor.
The Problem With Period Trackers
As period tracker apps grow in popularity and utility, so does concern about what happens with the personal information users input. Unlike medical records held by doctors and hospitals, the information collected by health-focused apps isn’t covered by the Health Insurance Portability and Accountability Act (HIPAA), a 1996 federal law that limits where healthcare providers can share your health information.
That means health app makers are mostly free to do what they want with the data they collect. For instance, they may work with companies that analyze how users interact with the app to improve its design or function. Or they may share information with digital ad and marketing partners who use it to send personalized ads to users for, say, baby products, or to recruit new users. These partners may be giant tech companies like Facebook and Google, small tech firms you never heard of, or both.
Those external partners may then have a relationship with data brokers, who collect, aggregate, and combine personal information about you from a variety of sources to create a profile on you and in turn sell it to others. And there’s no way to really know who is getting that profile. A recent study by an advocacy group called the Norwegian Consumer Council examined 10 popular apps including Clue and found that they were collectively feeding personal information to at least 135 companies.
What’s more, even when your data is de-identified by removing identifiable information such as your name or email address, it can be combined with other information—such as your location, contacts, or unique identifiers in your phone—and traced back to you, research suggests.
“It is the ability of a mobile app to collect far more data about you than you’re telling it that can be harmful,” says Jennifer King, director of consumer privacy at Stanford Law School’s Center for Internet and Society.
While consumers may shrug at such sharing as a trade-off of the digital age, there's emerging evidence of harm. Last March, for instance, the Department of Housing and Urban Development sued Facebook for housing discrimination, saying that the social media giant allowed advertisers to restrict who can see housing-related ads based on race, religion, sex, or disability. This information was gleaned from Facebook’s data mining activities, and then handed over to advertisers.
While the Facebook suit isn’t related to personal health data, it’s not hard to imagine that the information collected by period trackers—especially with some employers and health insurers licensing the apps to use as part of corporate wellness programs—could be used in ways that harm women, King says.
CR’s Mendelsohn agrees. “With issues like pregnancy discrimination still a concern for many women, those using reproductive health apps will want to be sure their private information stays private,” she says.
There's a bipartisan effort in the Senate to address the problem with the Protecting Personal Health Data Act, introduced in June by Amy Klobuchar (D-Minn.) and Lisa Murkowski (R-Alaska). The proposed law, which CR supports, would require that mobile health technologies such as health apps and fitness trackers allow users to review, change, and delete health data collected by companies. Some states are also taking action. For example, the California Consumer Privacy Act of 2018, which went into effect this month, gives consumers similar protections.
What CR’s Digital Lab Found
To evaluate privacy practices and data security for BabyCenter, Clue, Flo, My Calendar, and Ovia, CR’s Digital Lab used principles outlined in the Digital Standard. Launched by CR in 2017 in partnership with privacy and security experts, the standard is a set of benchmarks that companies can use to design digital products that are respectful of consumer privacy rights.
CR examined the apps and their privacy policies for clarity and comprehensiveness, transparency about data sharing, user control over their information and access to it, and best practices in how apps are designed to keep information secure.
Those rules, such as giving users the right to delete their data, don’t apply to the other apps CR examined, which are made by companies based in the U.S. But several take some of the same precautions voluntarily.
In addition, Flo dropped Facebook as an ad-tracking and data-analytics partner after The Wall Street Journal revealed last February that the app shared personal data, such as whether a user intended to become pregnant, with the social media giant, which used the information for targeted advertising. Now Flo uses only one partner for ad targeting and app usage analysis while the other apps CR evaluated use a half-dozen or more.
While CR’s Digital Lab didn’t uncover any major security issues, it did find shortcomings in the way all five apps handle the sensitive user data they collect, says Maria Rerecich, CR’s senior director of product testing. For example, none require users to log in by default every time they open the app, or offer multifactor authentication (which requires that users input a code sent by text to their phone), or require an additional security step before accessing the app. “Those are best practices that can better secure your data,” Rerecich says.
| Can you use without sharing your name and email? | YES | NO | YES | NO | NO |
| Who does the app share your data with? |
| Advertisers and marketers | YES | YES | YES | YES | YES |
| Health researchers, with your permission | NO | YES | YES | NO | YES |
| Insurers and employers via wellness programs | NO | NO | NO | NO | YES |
| Does the app use these 2 security precautions? |
| Default is to authenticate the user with each use | NO | NO | NO | YES | NO |
| Works with password managers | YES | YES | YES | NO | YES |
When CR reached out to each of the app makers with our findings, we received varied responses.
Clue told CR it doesn't require users to enter a passcode to log in because that's more user-friendly. But it noted that users can opt to use a PIN to unlock the app each time they launch it. After Consumer Reports reached out, Clue also modified the app so that it now works with password managers, which generate strong passwords and encrypt your information.
Flo didn’t respond to several requests to explain why its app doesn't require a password login by default and doesn't describe how it reports data breaches. After CR reached out to Flo, the most recent version of the app now works with a password manager.
How Accurate Are Period Trackers?
Is putting your personal data at risk worth the benefits that come with using these apps? That may depend in part on why you’re using them. “An app can be a reliable digital record of your menstrual cycle. If you’re trying to get pregnant, it can be a helpful tool,” says Nathaniel DeNicola, M.D., the chair of telehealth for the American College of Obstetricians and Gynecologists. “But there’s real cause for concern if you’re using it to avoid getting pregnant. If you’re just one day off, it could result in an unintended pregnancy.”
None of the apps that CR evaluated are marketed as a method of birth control, though My Calendar says its app can help users concerned about birth control and contraception. Another app, Natural Cycles, is certified in Europe for birth control and is approved for marketing as a contraceptive in the U.S. by the Food and Drug Administration. In 2018, Natural Cycles was investigated by Swedish authorities after a report that dozens of women using the app had unwanted pregnancies. The investigators recommended Natural Cycles clarify the risk better for users, and the company complied.
A 2016 study in the Journal of the American Board of Family Medicine found that only six of 30 apps marketed to help women avoid pregnancy accurately predicted a woman’s fertile window. And a 2017 study from the University of Washington found that 20 percent of people who reviewed fertility apps said the apps incorrectly predicted their cycles. That could be because the apps failed to account for factors such as recent childbirth or approaching menopause, both of which can affect menstrual cycles, and other design flaws.
DeNicola points out that the accuracy of the apps also depends on how carefully and consistently you track. The longer you track and the more data about your cycle you supply, the more accurate results should be, he says.
How to Protect Your Personal Information
“Data privacy should be a fundamental right for consumers, but that’s not the reality right now,” says CR’s Mendelsohn. “Instead, health app makers can collect, buy, and sell your data without your knowing consent.”
To address those issues, Mendelsohn says, app developers should use consumers’ data only for the purpose of the app and not share or sell the information; collect only the data the app needs to operate, and destroy that data after use; and give consumers clear, concise information about why they collect the data and what they do with it. Finally, companies that violate their privacy policies should face strict penalties, Mendelsohn says.
Until such protections are in place, here’s how you can reduce the risk that your information will be shared inappropriately:
- Consider a password manager. These programs—such as 1Password, Dashlane, KeePass, or LastPass—generate extremely strong passwords for all your accounts and encrypt them to keep them safe. When you go to the app you want to use, it will log you in.
- Hide from ads. If you don’t want targeted ads to follow you to social media platforms and possibly tip people off to conditions such as pregnancy or infertility, use your smartphone settings to limit ad tracking. On Apple phones, go to settings, scroll down to “privacy,” click on “advertising,” and turn on the “limit ad tracking” button. On an Android phone, go to “settings,” scroll down to Google, and click on “ads,” where you’ll find an option to opt out of ad personalization and to reset your advertising ID.
- Watch what you share. Apps rely on consumers to volunteer information. But just because they ask doesn't mean you have to answer. As with Flo, some fertility apps don’t require you to register an email address to use them. And if an app does require you to use an email address, you can set up an alternate email account for that information to cut down on the marketing spam clogging up your primary email inbox.
- Keep updated. Apps are updated frequently to add new features and fix bugs. You can turn on automatic updates in your phone’s settings. Or check apps periodically to see if updates are available.
Editor’s Note: This article was updated on Jan. 28 to include a statement from BabyCenter explaining why its app requests access to a user’s camera.