- Elon Musk’s Cybertruck mocked after ball busts windows during demonstration Today 12:23 AM
- Pornhub has a bundle now, Disney+ style Thursday 11:27 PM
- Jacob Wohl’s dad is selling horny calendars of himself for the soldiers Thursday 11:10 PM
- Amanda Palmer dragged for ‘demanding’ coverage of her music Thursday 8:33 PM
- How to get free TikTok followers without downloading a virus Thursday 7:57 PM
- Trump Jr.s ‘Triggered’ topped best-seller’s list with help of RNC Thursday 7:41 PM
- FBI raided millionaire YouTuber’s home, allegedly took everything Thursday 6:55 PM
- A fake Labour party website is spreading disinformation in Britain Thursday 6:16 PM
- Twitter bans cricket club for posting ISIS content in apparent hack Thursday 6:12 PM
- This dad remade his daughter’s NSFW photo—and people are loving it Thursday 5:51 PM
- Teen allegedly posted ‘slave for sale’ Craigslist ad featuring his Black classmate Thursday 5:28 PM
- People are crushed that this teen love story might be a TikTok ‘joke’ Thursday 4:50 PM
- Is Jacob Wohl evading his Twitter ban with Jack Burkman’s account? Thursday 2:06 PM
- Biden’s most perplexing debate answers, explained Thursday 2:03 PM
- How to stream Colts vs. Texans on Thursday Night Football Thursday 12:52 PM
Health apps encourage us to pour personal information once shared only with doctors into software that lives on our mobile devices. As we connect ourselves to services that monitor our health and behavior, security questions arise, especially when flaws in these services are exposed.
Glow, the period and fertility tracker app, is the latest health tracking app to come under fire for security issues. Consumer Reports discovered the app had multiple vulnerabilities that let someone who knew a user’s email access their personal data, as well as a flaw that allowed someone to access personal information like emails, passwords, and posts in the app’s community forums.
“We concluded that it would be easy for stalkers, online bullies, or identity thieves to use the information they gathered to harm Glow’s users,” Consumer Reports wrote. Some of the information people share with the app includes sexual activity, menstrual cycles, whether they’ve had an abortion, medications, and other intimate health data.
In July, Glow updated the app to fix the security issues, and emailed users to change their passwords just to be safe. Jennifer Tye, head of U.S. operations at Glow, gave the following statement to the Daily Dot:
We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app. The industry only gets stronger with white hats who are looking to protect consumers. Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution. Of the more than 4 million users across our apps, far less than 0.15% of our users could have potentially been impacted, but there is no evidence to suggest that any Glow data has been compromised.
As the Washington Post notes, Glow and other fitness and activity tracking apps don’t fall under HIPAA compliancy, the law that requires confidential handling of medical data you share with clinicians. The Food and Drug Administration doesn’t require health tracking app makers to submit their software to the FDA for review.
The lack of oversight apps get while containing the same information a doctor has could be concerning in some cases, like when corporate wellness programs implement fitness tracking or weight loss programs using apps. Fitness apps and wearables are increasingly popular in offices and classrooms, and organizations sometimes require employees or students to wear them.
Earlier this year, deputy director of the Privacy & Data Project at the Center for Democracy & Technology Michelle De Mooy told the Daily Dot that privacy of these tools is sometimes overlooked because of the push to incorporate high-tech resources into wellness programs. “There’s a rush to really invest in technology, especially when schools are concerned…There’s a big push in a lot of schools in the U.S. to embrace technology and STEM, and sometimes what I’ve seen is a rush to do this without really making sure the companies being used to do this kind of thing are really protecting data and privacy.”
Fitness and health apps sometimes share information with third-party services, which in turn can use your personal information to serve up advertising. A 2014 study by the Federal Trade Commission found that of 43 health and fitness apps studied, 39 percent of free and 30 percent of paid apps give data to third-party services that are not disclosed in the app’s policies.
Glow’s flaws have been patched, but the security incident serves as a reminder that our patient information stored anywhere but the doctor’s office might not be as secure as we think.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.