Ready for some more mental health and reproductive health app headaches?
A new report from the Mozilla Foundation says some of those app developers may ignore, assume, or heaven forbid, coerce your “consent” while they bury the rules of the game in a privacy policy they know no one will take the time to actually read.
Annoying? Yep. Creepy? Most definitely. Harmful? Could be.
“You might expect apps that handle very sensitive information — about your period and your anxiety — to treat your consent more seriously. After combing through 65 mental and reproductive health apps’ privacy policies, we learned they mostly don’t,” Foundation researcher, Misha Rykov said in the group’s latest “*Privacy Not Included” report.
How to spot an app’s trickery techniques
Out of the list of tricks the Mozilla researchers found app companies using, one glaring one is some sort of “survey” or chatbot you encounter early in the process. You might assume that the questions you’re answering are simply a matching tool to get you synched up with the right service or product, but the trick is to get you to jump into the information-giving process without being offered or you agreeing to a privacy policy.
Another trick of the trade is making it seem like an app is asking for your consent, but really isn't. Case in point: MindshiftCBT. Its privacy policy says, “We do not generally disclose your personal information to any third party without your specific consent, except as permitted or required by law.”
“Except”? “Or”?
“Two words you don’t want to see following a promise,” the researchers said. “The thing is … data privacy law doesn’t usually cover consent in much detail and is generally pretty permissive. So when apps say ‘we won’t do it unless it’s legal to do it,’ they’re not saying much at all.”
And where could those “except” or “or” loopholes lead to? Mozilla says it’s anyone’s guess, but “shared,” or “collected (from “other sources”) is a troubling possibility.
Take these steps to insure your data doesn’t get abused
The researchers say there are four things consumers can do to protect themselves and their privacy when they give apps access to certain levels of information.
Be wary of introductory surveys that ask for private information about your health without providing any detail about how the answers will be handled.
Don’t assume that your consent is protected by the law. If you’re reading a privacy policy, look for definitive statements that don’t hide behind what’s allowed by law.
For apps that collect personal and sensitive information, check how they use your data before you reveal it, or even download it.
When you can, try to say “no” to tracking, sharing, and personalized ads. A few extra clicks could mean turning off a rush of automatically collected data.
Those pregnancy apps need rules of their own
When ConsumerAffairs recently reported on the FTC’s crackdown on the Premom fertility app, it turns out that the situation with pregnancy apps is more serious than you might think.
In a separate “*Privacy Not Included” study, Mozilla researchers found another 18 of the 25 “reproductive health” pregnancy apps, ovulation trackers, and wearables that it studied also collect a treasure trove of personal data, and then share it widely on the digital landscape.
If mishandled, anyone who uses these applications face serious future consequences, Dr. Subha Jagannathan, BDS and chief medical officer at iCliniq.com, told ConsumerAffairs.
In addition to Mozilla’s suggestions above, he urges anyone using apps like these to press pause and take one extra important step.
“Before you grant the app permission to access your camera, contacts, location, etc., on your smartphones, carefully consider if it is really necessary for the app to function,” he said.
“Be vigilant, make informed decisions, and choose reputable apps with strong privacy measures. By being aware of potential risks and adopting secure practices, women can ensure their sensitive information remains protected and their privacy respected.”