There’s an app for just about everything these days, especially where our health is concerned. However, what permissions are consumers blindly granting to the latest apps, and who has access to that data?
News recently appeared that a popular pregnancy and fertility tracking app had some serious security holes, inlcluding a security issue that allowed a relatively easy breach of users’ information.
Glow, which lets its users do everything, from monitoring their entered data to connecting with other couples via the app’s forum, was the subject of a Consumer Reports investigation. The results were alarming. Using simple, free security testing software, the team was able to access Glow users’ names, email address, birth dates, pregnancy due dates, sensitive health information, and more.
Even more upsetting, Consumer Reports was able to glean data on users’ sexual activity, history of abortions or miscarriages, and more; all through a security flaw, which was left wide open and required very little technical skill to penetrate.
Glow’s executives have been quick to point out that this was not a data breach, but an intentional investigation by an outside consumer advocacy group working to protect the public. They also claim that the security hole has now been patched. But is this another sign that we’re blithely giving faceless entities access to our most sensitive–and even intimate–personal information?
It’s all too easy to blame the app developer for building a vulnerable product, but at some point, consumers have to take responsibility for limiting how much data they share, knowing where it goes, and understanding who can access it. In the case of Glow, users were understandably in a precarious position; pregnancy and fertility are highly emotionally charged personal issues, and any tool that can make the process easier for would-be parents is certainly enticing. And given the financial burden surrounding conception and carrying a child to term–considering that fertility care in the US is a $2 billion a year industry that costs patients an average of $12,400 per IVF attempt–it’s easy to see why an inexpensive app that might help move things along seems like a good option.
But that’s just one app. Headlines about security flaws and data breaches surrounding everything from school database software to the latest game app should have already served as a cautionary tale, yet consumers still willingly agree to grant permissions to the developers without even questioning the privacy concerns. In order to secure our data, as tech users we’ve got to start demanding answers to the questions of where our information goes after we share it, and why someone needs it in the first place.