Unveiling Privacy and Security Gaps in Female Health Apps

TL;DR

This paper assesses the privacy and security of 45 popular Female Health Apps, revealing significant vulnerabilities, extensive data collection, and privacy policy deviations, which pose risks to user privacy and security.

Contribution

It provides a comprehensive security and privacy analysis of FemTech apps, highlighting critical gaps and offering recommendations for improvement.

Findings

Harmful permissions and extensive data collection

Presence of numerous third-party tracking libraries

Deviations from fundamental data privacy principles

Abstract

Female Health Applications (FHA), a growing segment of FemTech, aim to provide affordable and accessible healthcare solutions for women globally. These applications gather and monitor health and reproductive data from millions of users. With ongoing debates on women's reproductive rights and privacy, it's crucial to assess how these apps protect users' privacy. In this paper, we undertake a security and data protection assessment of 45 popular FHAs. Our investigation uncovers harmful permissions, extensive collection of sensitive personal and medical data, and the presence of numerous third-party tracking libraries. Furthermore, our examination of their privacy policies reveals deviations from fundamental data privacy principles. These findings highlight a significant lack of privacy and security measures for FemTech apps, especially as women's reproductive rights face growing political challenges. The results and recommendations provide valuable insights for users, app developers, and policymakers, paving the way for better privacy and security in Female Health Applications.