Search
Content type: Long Read
Go back to the report page Methodology We looked at the top period tracking apps downloaded in the Google Play Store, some of which we had examined in our original research, and some of which are newly emerging apps that have since grown in popularity. The top period-tracking apps with the most downloads included Flo; Period Tracker by Simple Design; and apps we'd tested in our previous research that still exist such as Maya, Period Tracker by GP Apps, as well as several apps popular…
Content type: Long Read
Go back to the full report pagePeriod Tracker by Simple Design is another popular period tracking app that has over 150 million users. To begin using this app the user answers a set of three onboarding questions for about their cycle pattern. The user has the option to answer 'I'm not sure' for each question. After answering 'I'm not sure' for these three questions, we were able to proceed on the app without having to create an account. Throughout our experience inputting our cycle…
Content type: Long Read
Go back to the full report pageThe Maya app is a period tracker app by Plackal Tech based in India. In our previous investigation, we revealed Maya was sharing a plethora of user input data to Facebook. However, in response to our 2019 research, the app claimed it had since ‘removed both the Facebook core SDK and Analytics SDK from Maya’ while ‘continu[ing] to use the Facebook Ad SDK, post opt-in to our terms and conditions and privacy policy’ for revenue purposes, the latter of which 'does not…
Content type: Long Read
Go back to the full report pagePeriod Tracker by GP Apps is another popularly downloaded app we previously looked at in 2019. In our original research, we determined that this app did not appear to share any user input data with Facebook. This time, we examined the third parties that the app appeared to integrate and what kind of data was being shared with these third parties, as well as what user data the app was storing on its own or external services. It’s worth noting that the…
Content type: Long Read
Go back to the full report pageThe WomanLog app, developed by Pro Active App SIA, is a Latvia-based period tracking app with over 10 million downloads that features an 'Intelligent Assistant' chatbot (more on this below). To get started on the app, we completed a short onboarding questionnaire about which app mode we intended to use (e.g., standard) and the length of our cycle and period. Our answers to these questions were sent across the web traffic to the app developer's API:
Content type: Long Read
Go back to the full report pageWocute is a Singapore-based period tracking app with over 5 million global downloads. To get started on the app, a user first needs to complete a short onboarding questionnaire about their goal for using the app ('track my cycle'); their year of birth (which we skipped), followed by the length of their period cycle and start date of their last period (for which we selected 'I'm not sure'). These responses were all communicated to the API:
Content type: Long Read
Go back to the full report pageStardust is a New York-based astrology-themed period tracking app that has recently risen in popularity, having received a spike in downloads in the U.S. following the overturning of Roe v. Wade. According to its website, the app takes a de-identification approach to users' privacy by utilising a third party 'security system' operated by Rownd, “an authentification platform that stores your contact information for us [Stardust] so that we cannot associate your…
Content type: Long Read
Go back to the full report pageThe last app we looked at was Euki, which has been recognised among privacy advocates. The app is a U.S. non-profit privacy-by-default period tracker app founded by a group of social tech and sexual and reproductive health organisations like Digital Defense Fund and Ibis Reproductive Health. The app has recently become open-source. We ran the Euki app through the DIAAS environment to observe its web traffic as for the above apps. There were no onboarding…
Content type: Long Read
Go back to the full report pageLimitationsBefore our analysis, we note the technical limitations (and the scope of our research) meant we did not test certain features mentioned, such as Google Fit integrations offered by some apps. We also mention the limitations of our DIAS environment, which only allows us to see web (client-side) interactions, rather than server-side interactions, the latter of which are increasingly common among more advanced platforms that utilise cloud computing (e.…
Content type: Long Read
Our research has introduced questions about the right to privacy when apps have the potential to share a range of user-related data. This is a particular concern for people using apps in countries where there are restrictions on access to abortion. In the US, after the overturning of Roe v Wade, concerns around the privacy practices of period-tracking apps have been raised in states that have introduced restrictions and bans on access to abortion. It could be very possible for some period…
Content type: Long Read
IntroductionData about our health reveals some of the most sensitive, intimate - and potentially embarrassing - information about who we are. Confidentiality is, and has always been, at the very heart of medical ethics. People need to be able to trust their doctors, nurses and other healthcare providers so that they are not afraid to tell them something important about their health for fear of shame, judgement or social exclusion.It’s no surprise then that data protection regimes around…
Content type: Report
In the months following the beginning of the Covid-19 pandemic, more than half the world’s countries enacted emergency measures. With these measures came an increase in executive powers, a suspension of the rule of law, and an upsurge in security protocols – with subsequent impacts on fundamental human rights. Within this broader context, we have seen a rapid and unprecedented scaling up of governments’ use of technologies to enable widespread surveillance. Surveillance technologies exacerbated…
Content type: Report
Introduction
Several policy initiatives are in progress at the EU level. They seek to address the sustainability of connected devices such as smartphones, tablets and smart speakers. While initiatives to extend the useful life of hardware are important, software must not be ignored. Almost any digital device with which we interact today relies on software to function, which acts as a set of instructions that tells the hardware what to do. From smart thermostats to smart speakers, to our…
Content type: Long Read
The global COVID-19 health crisis not only induced a public health crisis, but has led to severe social, economic and educational crises which have laid bare any pre-existing gaps in social protection policies and frameworks. Measures identified as necessary for an effective public health response such as lockdowns have impacted billions workers and people's ability to sustain their livelihood worldwide, with countries seeing unprecedented levels of applications for welfare benefits support,…
Content type: Report
Privacy International’s submissions for the Independent Chief Inspector of Borders and Immigration inspection of the Home Office Satellite Tracking Service Programme
The Home Office have introduced 24/7 electronic monitoring and collection of the location data of migrants via GPS ankle tags. This seismic change cannot be overstated. The use of GPS tags and intention to use location data, kept for six years after the tag is removed, in immigration decision-making goes far beyond the mere…
Content type: Long Read
When you buy a brand-new low-cost phone, it’s likely to come pre-installed with insecure apps and an outdated operating system. What this means is that you or your loved ones could be left vulnerable to security risks or to having their data exploited. Privacy shouldn’t be a luxury. That’s why we advocate for companies to provide the latest security features and privacy protections for both low- and high-cost phones.
Content type: Long Read
For many, browsing the internet or checking social media comes with its fair share of being targeted with ads selling “fad diet” subscription-based programmes, magic weight-loss powders, or promising a secret trick to lose weight quickly. Some of the products and programmes sold have been described as scams, with a very real impact for those suffering from eating disorders and those who fall prey to these ads. This is even more problematic due to the Covid-19 pandemic, which has seen the…
Content type: Long Read
Now more than ever with a global pandemic happening, our lives are being shaped by our interaction with the digital world. Work meetings on Zoom followed by Skype with family before a quick run with your favourite running app and a Google search for your next meal: technologies and services offer us a lot and greatly improve our daily lives. But what's the real cost of these tools we rely on so much?
A lot of these companies, especially those offering free services, collect data about you. It…
Content type: Long Read
In 2019, we exposed the practices of five menstruation apps that were sharing your most intimate data with Facebook and other third parties. We were pleased to see that upon the publication of our research some of them decided to change their practices. But we always knew the road to effective openness, transparency, informed consent and data minimisation would be a long one when it comes to apps, which for the most part make profit from our menstrual cycle and even sometimes one’s desire to…
Content type: Long Read
It is common for families with no recourse to public funds who attempt to access support from local authorities to have their social media monitored as part of a ‘Child in Need’ assessment.
This practice appears to be part of a proactive strategy on the part of local authorities to discredit vulnerable families in order to refuse support. In our experience, information on social media accounts is often wildly misinterpreted by local authorities who make serious and unfounded allegations…
Content type: Report
It is common for families with no recourse to public funds who attempt to access support from local authorities to have their social media monitored as part of a 'Child in Need' assessment. This practice appears to be part of a proactive strategy on the part of local authorities to discredit vulnerable families in order to refuse support. In our experience, information on social media accounts is often wildly misinterpreted by local authorities who make serious and unfounded allegations…
Content type: Long Read
Covid Apps are on their way to a phone near you. Is it another case of tech-solutionism or a key tool in our healthcare response to the pandemic? It’s fair to say that nobody quite knows just yet.
We’ve been tracking these apps since the early days. We’ve been monitoring Apple and Google closely, have been involved in the UK’s app process, our partners in Chile and Peru have been tracking their governments’ apps, and more.
Of course privacy concerns arise. But only a simplistic analysis would…
Content type: Long Read
This week saw the release of a coronavirus tracking app within the United Kingdom, initially to be trialled in the Isle of Wight. Privacy International has been following this closely, along with other ‘track and trace’ apps like those seen in over 30 other countries.
The UK’s app is no different. It is a small part of a public health response to this pandemic. As with all the other apps, it is vital that it be integrated with a comprehensive healthcare response, prioritise people, and…
Content type: Long Read
‘Let’s build an app for that’ has become the response to so many things. It’s no surprise it’s happening now.
Apps are notorious for their lack of security and privacy safeguards, exploiting people’s data and devices. Now we’re being asked to trust governments with their proposed apps -- of which there are many. These are the very same governments who have been keen to exploit data in the past. For instance, PI currently has four outstanding legal cases arising from the last times governments…
Content type: Report
The changes discussed in this article are based on a second analysis performed in late November, 3 months after the original study Your Mental Health is for Sale and following the exact same methodology. All data collected can be found at the bottom of this page.
Change is possible
Back in September 2019 we published the report Your Mental Health is for Sale exposing how a majority of the top websites related to mental health in France, Germany and the UK share data for advertising purposes.…
Content type: News & Analysis
Cloud extraction allows law enforcement agencies to take huge amounts of your data from the Cloud via a legal back door. If law enforcement seize your phone or take it from a victim of crime, they can extract tokens or passwords from the device which lets them get access to data from apps such as Uber, Instagram, Slack, Gmail, Alexa and WhatsApp.
In so doing, law enforcement agencies can avoid official channels through cloud companies such as Google, Apple…
Content type: Long Read
Mobile phones remain the most frequently used and most important digital source for law enforcement investigations. Yet it is not just what is physically stored on the phone that law enforcement are after, but what can be accessed from it, primarily data stored in the Cloud.
Cellebrite, a prominent vendor of surveillance technology used to extract data from mobile phones, notes in its Annual Trend Survey that in approximately half of all investigations, cloud data ‘appears’ and that…
Content type: Long Read
Following a series of FOI requests from Privacy International and other organisations, the Department of Health and Social Care has now released its contract with Amazon, regarding the use of NHS content by Alexa, Amazon’s virtual assistant. The content of the contract is to a big extent redacted, and we contest the Department of Health’s take on the notion of public interest.
Remember when in July this year the UK government announced a partnership with Amazon so that people would now…
Content type: Long Read
[Photo credit: Images Money]
The global counter-terrorism agenda is driven by a group of powerful governments and industry with a vested political and economic interest in pushing for security solutions that increasingly rely on surveillance technologies at the expenses of human rights.
To facilitate the adoption of these measures, a plethora of bodies, groups and networks of governments and other interested private stakeholders develop norms, standards and ‘good practices’ which often end up…
Content type: Long Read
In this piece we examine mobile phone extraction, relying on publicly available information and Privacy International’s experience from conducting mobile phone extraction using a Cellebrite UFED Touch 2. We welcome input from experts in the field. This is a rapidly developing area. Just as new security features are announced for phones, so too new methods to extract data are found.
[All references can be found in the pdf version below.]
General explanation of mobile phone…