- Influencer got trapped under ice for TikTok clout, ‘came close to dying’ Thursday 7:59 PM
- #BernieBruh puts new spin on ‘Bernie Bro’ label, showcases support among Black voters Thursday 6:58 PM
- Camila María Concepcíon, trans activist and Netflix writer, dies at 28 Thursday 5:46 PM
- Chrissy Teigen calls out fan who made weird comment about her daughter’s feet Thursday 4:57 PM
- TikTok’s ‘clean queen’ says videos are helping her figure out ‘adulting’ Thursday 4:12 PM
- Clearview clients include ICE, Macy’s, Best Buy, leaked data reveals Thursday 4:08 PM
- Women are clamoring to get their photos on a Twitter feed of ‘hot mugshots’ Thursday 4:06 PM
- ‘Love Is Blind’ finale: Somehow, real love emerged from this dystopian setting Thursday 3:57 PM
- Creator of ‘Say So’ TikTok dance appears in Doja Cat music video Thursday 3:51 PM
- Is TikTok’s algorithm actually pretty racist? Thursday 3:45 PM
- Fans freaking out over ‘Say My Name’ horror remix featured in Jordan Peele’s ‘Candyman’ Thursday 3:33 PM
- CDC graphic warns most facial hair isn’t compatible with coronavirus protection measures Thursday 1:31 PM
- Tutoring website refuses to take down ad sexualizing Asian women Thursday 1:24 PM
- MSNBC pundit loses air time after saying Sanders staffers are ‘island of misfit Black girls’ Thursday 12:36 PM
- Court says YouTube isn’t subject to First Amendment scrutiny Thursday 11:06 AM
Health apps encourage us to pour personal information once shared only with doctors into software that lives on our mobile devices. As we connect ourselves to services that monitor our health and behavior, security questions arise, especially when flaws in these services are exposed.
Glow, the period and fertility tracker app, is the latest health tracking app to come under fire for security issues. Consumer Reports discovered the app had multiple vulnerabilities that let someone who knew a user’s email access their personal data, as well as a flaw that allowed someone to access personal information like emails, passwords, and posts in the app’s community forums.
“We concluded that it would be easy for stalkers, online bullies, or identity thieves to use the information they gathered to harm Glow’s users,” Consumer Reports wrote. Some of the information people share with the app includes sexual activity, menstrual cycles, whether they’ve had an abortion, medications, and other intimate health data.
In July, Glow updated the app to fix the security issues, and emailed users to change their passwords just to be safe. Jennifer Tye, head of U.S. operations at Glow, gave the following statement to the Daily Dot:
We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app. The industry only gets stronger with white hats who are looking to protect consumers. Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution. Of the more than 4 million users across our apps, far less than 0.15% of our users could have potentially been impacted, but there is no evidence to suggest that any Glow data has been compromised.
As the Washington Post notes, Glow and other fitness and activity tracking apps don’t fall under HIPAA compliancy, the law that requires confidential handling of medical data you share with clinicians. The Food and Drug Administration doesn’t require health tracking app makers to submit their software to the FDA for review.
The lack of oversight apps get while containing the same information a doctor has could be concerning in some cases, like when corporate wellness programs implement fitness tracking or weight loss programs using apps. Fitness apps and wearables are increasingly popular in offices and classrooms, and organizations sometimes require employees or students to wear them.
Earlier this year, deputy director of the Privacy & Data Project at the Center for Democracy & Technology Michelle De Mooy told the Daily Dot that privacy of these tools is sometimes overlooked because of the push to incorporate high-tech resources into wellness programs. “There’s a rush to really invest in technology, especially when schools are concerned…There’s a big push in a lot of schools in the U.S. to embrace technology and STEM, and sometimes what I’ve seen is a rush to do this without really making sure the companies being used to do this kind of thing are really protecting data and privacy.”
Fitness and health apps sometimes share information with third-party services, which in turn can use your personal information to serve up advertising. A 2014 study by the Federal Trade Commission found that of 43 health and fitness apps studied, 39 percent of free and 30 percent of paid apps give data to third-party services that are not disclosed in the app’s policies.
Glow’s flaws have been patched, but the security incident serves as a reminder that our patient information stored anywhere but the doctor’s office might not be as secure as we think.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.