- ‘Watchmen’ episode 5: Looking Glass just became one of the most compelling characters Sunday 9:05 PM
- Man allegedly kills girlfriend, then pretends to be her on Facebook Sunday 4:29 PM
- Trevor Lawrence met TikTok teen who looks just like him Sunday 3:48 PM
- Trump’s hospital visit spawns conspiracy theories Sunday 2:49 PM
- ‘SNL’ skit combines Harry Styles, the Popeyes chicken sandwich, and Disney+ Sunday 2:02 PM
- Doctored photo of GOP congresswoman flipping the bird fools critics Sunday 1:05 PM
- Internet scammers taking advantage of Narwhal the ‘unicorn’ rescue puppy Sunday 12:19 PM
- Sunday Night Football: How to stream Bears vs. Rams live Sunday 12:00 PM
- CupcakKe’s month-long ‘water fast’ has fans concerned Sunday 11:24 AM
- Will.i.am claims ‘racist’ flight attendant called police on him Sunday 10:28 AM
- How does Disney+ compare to Netflix, Hulu, HBO Max, and Apple TV+? Sunday 9:35 AM
- How to stream Patriots vs. Eagles live Sunday 9:30 AM
- Girl turns herself into ‘pleading face’ emoji Sunday 9:27 AM
- How to stream Cowboys vs. Lions live Sunday 9:00 AM
- Chaotic good, true neutral: The 2020 Democrat alignment chart Sunday 6:30 AM
Health apps encourage us to pour personal information once shared only with doctors into software that lives on our mobile devices. As we connect ourselves to services that monitor our health and behavior, security questions arise, especially when flaws in these services are exposed.
Glow, the period and fertility tracker app, is the latest health tracking app to come under fire for security issues. Consumer Reports discovered the app had multiple vulnerabilities that let someone who knew a user’s email access their personal data, as well as a flaw that allowed someone to access personal information like emails, passwords, and posts in the app’s community forums.
“We concluded that it would be easy for stalkers, online bullies, or identity thieves to use the information they gathered to harm Glow’s users,” Consumer Reports wrote. Some of the information people share with the app includes sexual activity, menstrual cycles, whether they’ve had an abortion, medications, and other intimate health data.
In July, Glow updated the app to fix the security issues, and emailed users to change their passwords just to be safe. Jennifer Tye, head of U.S. operations at Glow, gave the following statement to the Daily Dot:
We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app. The industry only gets stronger with white hats who are looking to protect consumers. Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution. Of the more than 4 million users across our apps, far less than 0.15% of our users could have potentially been impacted, but there is no evidence to suggest that any Glow data has been compromised.
As the Washington Post notes, Glow and other fitness and activity tracking apps don’t fall under HIPAA compliancy, the law that requires confidential handling of medical data you share with clinicians. The Food and Drug Administration doesn’t require health tracking app makers to submit their software to the FDA for review.
The lack of oversight apps get while containing the same information a doctor has could be concerning in some cases, like when corporate wellness programs implement fitness tracking or weight loss programs using apps. Fitness apps and wearables are increasingly popular in offices and classrooms, and organizations sometimes require employees or students to wear them.
Earlier this year, deputy director of the Privacy & Data Project at the Center for Democracy & Technology Michelle De Mooy told the Daily Dot that privacy of these tools is sometimes overlooked because of the push to incorporate high-tech resources into wellness programs. “There’s a rush to really invest in technology, especially when schools are concerned…There’s a big push in a lot of schools in the U.S. to embrace technology and STEM, and sometimes what I’ve seen is a rush to do this without really making sure the companies being used to do this kind of thing are really protecting data and privacy.”
Fitness and health apps sometimes share information with third-party services, which in turn can use your personal information to serve up advertising. A 2014 study by the Federal Trade Commission found that of 43 health and fitness apps studied, 39 percent of free and 30 percent of paid apps give data to third-party services that are not disclosed in the app’s policies.
Glow’s flaws have been patched, but the security incident serves as a reminder that our patient information stored anywhere but the doctor’s office might not be as secure as we think.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.