A few years ago a Princeton professor, Janet Vertesi, got pregnant. But being a bit savvy in the ways of online trickery she paid for maternity clothes in cash, used the Tor browser to surf baby sites and banned friends and family from discussing the good news on Facebook or via texts. She didn’t want her unborn child to be tracked by advertisers and data brokers.
Kashmir Hill a journalist heard about this and when she was on the way to becoming heavy with child she decided to do the opposite. She downloaded a bunch of pregnancy related apps and decided to track the trackers with a tool called Recon. She also enlisted help from the Electronic Frontier Foundation. Her intention was to discover what data the apps were harvesting and whether it was secured.
Here are her top line findings:
- She used a bunch of period trackers apps and all were passing along user information to third-party analytics companies, social networks, and advertisers. These included Google, Facebook, Adobe, DoubleClick and Crashlytics. The data could help these companies to tag a smartphone as belonging to a “person trying to get pregnant.”
- A Washington state woman named Amy Pittman used the What To Expect app when she first got pregnant. She later had a miscarriage. But a week before she would have otherwise given birth, she received a congratulatory package in the mail from the baby formula maker Similac, one of the companies to which the app sells its user list.
- Many of the apps weren’t using encryption to send information along to their servers. As a result women writing in the apps’ message forums about personal things could have their messages intercepted by someone sharing their Wi-Fi network or providing their Internet service.
- An app called Glow app was passing along the phone’s IMEI, a permanent serial number for the device, to Appsflyer, an ad company. The number can be used to persistently track the user of the phone, as it can’t be changed even if the device is factory-reset.
In many cases Hill said she wasn’t able to find out how the information gathered on her will ultimately be used.
She added she expected to be deluged with ads online for baby products, but that didn’t happen until she actually started buying baby products after her daughter was born.
The apps asked for all sorts of information and many implied, without stating, that they were authoritative sources of medical information. However, when confronted about this they tended to row back and say they were just offering advice.
Some of them changed their policies when confronted by Hill. For instance, the Glow app owners said they wouldn’t collect the IMEI as long as an advertising ID is available; which is an identifier for your phone that can be changed.
The data brokering from some apps was harder to trace and Hill said concluded that murky nature of privacy in a world where a seemingly endless network of companies you’ve never heard of are collecting information about you and trying to monetize it.
The data-trading business is Kafkaesque and you don’t know who knows what about you or how it’s influencing what you see or how you’re treated; and information will inevitably leak out across platforms possibly leading to negative outcomes.
On the surface many of these apps can be useful but it’s what goes on beneath the surface and behind the scenes that is worrying.
For total online privacy check out BullGuard’s recently released VPN.