Privacy and Security of Women's Reproductive Health Apps in a Changing Legal Landscape

TL;DR

This paper investigates privacy and security vulnerabilities in FemTech reproductive health apps, revealing significant risks and emphasizing the need for increased accountability, transparency, and improved security measures to protect women's health data.

Contribution

It provides a comprehensive analysis of privacy policies, permissions, and code vulnerabilities in reproductive health apps, highlighting prevalent security issues and advocating for better industry practices.

Findings

61% of code vulnerabilities are OWASP top-ten issues

Many apps collect sensitive PII and healthcare data

Significant privacy and security risks identified in FemTech apps

Abstract

FemTech, a rising trend in mobile apps, empowers women to digitally manage their health and family planning. However, privacy and security vulnerabilities in period-tracking and fertility-monitoring apps present significant risks, such as unintended pregnancies and legal consequences. Our approach involves manual observations of privacy policies and app permissions, along with dynamic and static analysis using multiple evaluation frameworks. Our research reveals that many of these apps gather personally identifiable information (PII) and sensitive healthcare data. Furthermore, our analysis identifies that 61% of the code vulnerabilities found in the apps are classified under the top-ten Open Web Application Security Project (OWASP) vulnerabilities. Our research emphasizes the significance of tackling the privacy and security vulnerabilities present in period-tracking and fertility-monitoring mobile apps. By highlighting these crucial risks, we aim to initiate a vital discussion and advocate for increased accountability and transparency of digital tools for women's health. We encourage the industry to prioritize user privacy and security, ultimately promoting a safer and more secure environment for women's health management.