No Body's Business but Mine: Vol 2

An image of someone holding a menstrual cup and consulting a generic period app

Many menstruating individuals today use period-tracking apps as a convenient digital tool on their smart phone to track their menstruation. In the UK, researchers have found that more women are using smartphone apps to track their menstrual cycles for fertility-tracking purposes. In the U.S., the overturning of Roe v. Wade has slightly shifted the tides, with some users seeking out privacy-enhancing period tracking apps over the mainstream apps and other users outright deleting their period tracking apps over privacy fears. And in the current technological climate, it’s worth asking: how responsible with user data are these apps? 

In 2019, Privacy International (PI) investigated several popular period-tracking apps across the world to examine how they handle users' privacy, particularly the sharing of users' period data with Facebook. We performed a dynamic analysis of ten popular period tracking apps using our data interception environment (DIE), which allowed us to see whether and where these apps were sharing user data. The most popular apps we looked at did not appear to share data with Facebook, but the other apps we examined that still boasted millions of downloads appeared to engage in some extensive sharing of sensitive user cycle data with third parties including Facebook. Our research exposed serious concerns around these apps’ compliance with data protection laws, as well as around companies’ responsibility and accountability when it comes to third-party data-sharing. 

Since then, data protection and privacy regulations have been ramping up, with increased expectations for user privacy protection in the form of regulations like the European Union (EU) Digital Services Act, the AI Act and continued enforcement of the General Data Protection Regulation (GDPR). 

However, these privacy regulations have also been coupled with setbacks in the women's health sector, such as the repealing of Roe v. Wade in the U.S. that has put women's sexual and reproductive health data in a more precarious position than ever before. Not to mention in recent years numerous examples of law enforcement using people’s online data for investigation purposes, such as U.S. law enforcement using Facebook chat logs to prosecute an abortion seeker in Nebraska or UK law enforcement reportedly obtaining a woman’s Google search history and sentencing her for taking abortion pills beyond the legal limit. 

Considering these changes over the past several years in the privacy and political landscape, as well as technological changes such as the expansion of cloud-based services and the AI industry, we undertook another technical investigation into how period tracking apps are handling user data five years later and the implications for users’ privacy. 

As we will expand on below, our research found that, overall, period tracking apps were not sharing users’ cycle data as egregiously with third parties as we found for some apps in 2019. Though in the course of our investigation, we did observe several categories of third parties that many apps were integrating for different purposes, such as advertising software development kits (SDKs) or application programming interfaces (APIs) to service certain app functionalities, and these third parties often processed some degree of the user's personal or device data. The various technical approaches that period tracking apps utilise to service their app warrant scrutiny in a politically volatile realm. In our report, we explore the various technical methods built into period tracking apps, such as integrating third party deployers and storing user data on servers, and we conclude with how these practices raise crucial questions for the future of privacy in the femtech space.

Download the full report

Long Read

Building on our findings from our previous research, we sought to investigate the data management and sharing practices of menstruation apps with third parties beyond Facebook, as well as to assess whether some of the apps we looked at the first time around had improved their practices as they have claimed.

Long Read

Flo, headquartered in London, UK, is one of the most popular period-tracking apps on the market with over 380 million downloads. 

Long Read

Period Tracker by Simple Design is another popular period tracking app that has over 150 million users.

Long Read

The Maya app is a period tracker app by Plackal Tech based in India. 

Long Read

Period Tracker by GP Apps is another popularly downloaded app we previously looked at in 2019. 

Long Read

Wocute is a Singapore-based period tracking app with over 5 million global downloads. 

Long Read

The WomanLog app, developed by Pro Active App SIA, is a Latvia-based period tracking app with over 10 million downloads that features an 'Intelligent Assistant' chatbot.

Long Read

Stardust is a New York-based astrology-themed period tracking app that has recently risen in popularity, having received a spike in downloads in the U.S. following the overturning of Roe v. Wade.

Long Read

The last app we looked at was Euki, which has been recognised among privacy advocates. 

Long Read

Read our analysis of our research findings, including the limitations of the method, the use of advertising and analytics SDKs, other third-party developer tooks, content delivery networks, non-local storage, data minimisation, and the future of privacy.

Long Read
Our research has introduced questions about the right to privacy when apps have the potential to share a range of user-related data. This is a particular concern for people using apps in countries where there are restrictions on access to abortion. In the US, after the overturning of Roe v Wade
Key Resources

In 2019 PI undertook dynamic analysis of various menstrution apps using its own data interception environment to look at the data they share with Facebook.