The report focuses its attention on mental health and prayer apps, saying their privacy standards are worse than any other product category.
The foundation’s analysts claim some of those apps routinely share data, permit weak passwords, bombard powerless users with personalized ads, and rely on hazy and unintelligible privacy policies.
“They track, share, and capitalize on users’ most intimate personal thoughts and feelings, like moods, mental state, and biometric data,” said Jen Caltrider, Mozilla’s *Privacy Not Included lead.
“Turns out, researching mental health apps is not good for your mental health, as it reveals how negligent and craven these companies can be with our most intimate personal information.”
The study looked at 32 mental health and prayer apps and anointed all but four with a *Privacy Not Included warning label and said most were “exceptionally creepy.” One of those 28 offenders is the faith-based app, Pray.com.
The app serves a number of functions, including as a social media platform for religious communities. Churches and other religious organizations use the platform to engage in discussions, livestream services, and solicit and receive donations.
Individuals using the app may participate in “prayer communities” where users can ask for and answer prayer requests.
It sounds innocent enough, but questions may arise over how this highly personal data is handled. ThreatPost reported that in late 2020, a Pray.com data leak exposed private data for up to 10 million people.
Included in that data leak were lists of a church’s attendees containing information for each churchgoer such as names, home and email addresses, phone numbers, and marital status. In addition, ThreatPost reported that the information exposed in a public cloud bucket also included church-donation information, photos, and users’ contact lists.
Pray for your privacy
On a recent Freakonomics Radio podcast, author Stephen Dubner investigated the landscape of faith-based apps, of which Pray.com is only a part. Dubner expressed concern that these apps were sharing user data with Facebook. The Mozilla Foundation report said that is a real concern.
“If you use Pray.com, you'd better pray for your privacy. Because Pray.com is absolutely awful when it comes to their users' privacy and security,” the Mozilla analysts wrote.
The primary stress point for the analysts was the figurative ton of personal information that’s spun into an asset and a healthy revenue stream.
“Pray.com then says they can use all this data to target you with ads, share with third parties to target you with ads and share with other ‘faith-based organizations’ so they can target you too,” the report said.
“We don't mean to be, well, mean, but Pray.com really feels like it might be a data harvesting business targeting Christians for purposes that go way way way beyond helping them on their prayer journey. … It all feels kinda icky to us.”
Mozilla Foundation’s advice? “Find another prayer app.”
ConsumerAffairs reached out to Pray.com and Facebook for comment but did not receive answers to the questions we posed regarding privacy policies, personal data that is being shared, and for what purposes personal data is shared.
Whatever the app, you still need to be careful
Are there prayer apps that the Foundation spared from being labeled “*Privacy Not Included”? Yes, one. Among those listed, the only one ConsumerAffairs found that met the criteria and that readers did not rate as “Super Creepy” was the “Hallow” app.
To Hallow’s credit, the researchers said the company was the only one that replied to all of their questions, and it even updated its password requirement to make users log in with a strong password when the Foundation noted that the app allowed the use of a relatively weak password like “11111.”
Alongside Pray.com, the others in the category that failed to meet the criteria according to both researchers and readers were King James Bible Daily Verse and Audio, and Abide. There was one app – Glorify – that was a split decision. Foundation researchers gave it a thumbs-up, but readers pegged it as “Super Creepy.”
So, what’s someone who wants to engage with a prayer app to do? If you do decide to find another, be careful, Harold Li, vice president at ExpressVPN, told ConsumerAffairs.
“This is not the first time that faith-based apps are caught sharing data with third parties. Last year, ExpressVPN conducted extensive research on location trackers embedded in 450 social, messaging, and faith-based apps to measure the extent to which they intrude on location privacy for individuals around the world,” Li said, highlighting the fact that those investigated apps were downloaded by users 1.7 billion times in total.