Period-Tracking Apps and Data Privacy in Post-Roe America

Rina Torchinsky, reporting for NPR on an issue that is now top-of-mind for women across the United States:

For those second-guessing their period-tracking app, Ford says there’s a risk vs. convenience calculation that’s different for each user. It depends in large part on where you live and what the laws are.

“If I lived in a state where abortion was actively being criminalized, I would not use a period tracker — that’s for sure,” she says.

But for those who choose to log their data online, there might be some options that aren’t as risky. Ford says that apps built with a nonprofit model could offer more privacy. Hong says paid apps could be better because they’re less likely to track users, since they don’t need to collect advertising data. Hong also advised users to read Apple’s privacy nutrition labels, which are designed to show users how their data is used in simpler terms.

Apps that store data locally are also preferable, Greer explained, because when data is stored locally, the user owns it — not the company.

The article, unfortunately, does not mention the iOS Health app specifically, but should. Apple’s Health data is only accessible on the user’s device(s). From Apple’s support documentation on health records and privacy:

By default, iCloud automatically keeps your Health app data, including health records, up to date across your devices. To disable this feature, open iCloud settings and turn off Health. iCloud protects your health records data by encrypting it both in storage and during transmission. If you’re using iOS 12 or later and have turned on two-factor authentication for your Apple ID, health records are encrypted using end-to-end encryption through iCloud. This means only you can access this information, and only on devices where you’re signed in to iCloud. No one else, not even Apple, can access end-to-end encrypted information.

In other words, it’s not merely a policy that Apple will keep your health data — all of it — private on iCloud. If you’re using two-factor authentication for your iCloud account — and you most definitely should be — it’s mathematically secure via end-to-end encryption. Apple not only won’t hand it over in the face of a demand from law enforcement in a state where abortion has been criminalized, they can’t.

I don’t mean to glibly suggest that Apple Health is a panacea for this dilemma. It’s certainly worth worrying about which third-party apps you grant access to your Health data, for one thing. And for another, data stored on-device is still accessible to law enforcement if they have possession of the device and can unlock it. But it’s a distinction worth noting. HealthKit was designed from the ground up to be cryptographically secure in this way — a fundamental difference from cloud-based period tracking services that are only now working on “anonymous” modes.

You can check which apps have access to what Health data in Settings → Health → Data Access & Devices.

Monday, 27 June 2022