A new report by Mozilla, as part of its *Privacy Not Included series, found that mental health and prayer-focused apps have terrible protection for user data and privacy, calling the collective slate of apps “worse” than almost any other group of products the company reviewed.
Mozilla’s *Privacy Not Included program reviews the security and protections offered by a number of online services and hardware, tracking what apps and devices require strong passwords or sell your data to third-party services.
In its study on mental health apps released today, Mozilla found that these online services, designed to safely help people navigate both crises and general wellness, woefully skip basic tenets of proper digital safety.
“Mozilla investigated the privacy and security practices of 32 mental health and prayer apps, like Talkspace, Better Help, Calm, and Glorify. 29 of the 32 apps were slapped with a *Privacy Not Included warning label,” the report said, “indicating strong concerns over user data management.”
Twenty-five of the apps failed to meet Mozilla’s Minimum Security Standards, which checks whether apps properly handle security updates. These apps are tasked with collecting personal data and sensitive health information. Through them, users can speak with licensed therapists or chatbots about their mental health. But the apps don’t seem particularly interested in protecting that data, which is a disconcerting finding.
“Some apps’ security practices are akin to a flimsy lock on a diary,” Mozilla said. “At least eight apps allowed weak passwords ranging from “1” to “11111111”. [One] only required one letter or digit as a password, which is concerning for an app that collects mood and symptom data.”
And like a number of other apps, they tend to hoover up personal data.
“Nearly all the apps reviewed gobble up users’ personal data—more than Mozilla researchers have even seen from apps and connected devices,” the study continues. “Further, some apps harvest additional data from third-party platforms (like Facebook), elsewhere on users’ phones, or data brokers.”
Some of the apps’ privacy policies allow them to share your information with third parties, while others maintain logs of your conversations, meaning your mental health concerns may not be as private as you believed.
All told, Mozilla called the mental health app space “worse than any other product category Mozilla researchers have reviewed over the past six years,” noting that only two of the 32 apps and products it reviewed met its standard for properly protecting user privacy and data.
“The vast majority of mental health and prayer apps are exceptionally creepy,” Jen Caltrider, Mozilla’s *Privacy Not Included lead, said in the report. “They track, share, and capitalize on users’ most intimate personal thoughts and feelings, like moods, mental state, and biometric data. Turns out, researching mental health apps is not good for your mental health, as it reveals how negligent and craven these companies can be with our most intimate personal information.”
In a statement to the Daily Dot, Talkspace vehemently refuted Mozilla’s findings.
“Mozilla’s report lacks context from Talkspace and contains major inaccuracies which we are working with Mozilla to address,” a Talkspace spokesperson said. “We have one of the most comprehensive privacy policies in the industry, and it is misleading to assert we collect user data or chat transcripts for anything other than the provision of treatment.”
This post has been updated with comment from Talkspace.