In 2017, I downloaded a period tracking app as recommended by a friend. I would go on to use it for a few months before losing my mobile phone. I forgot to re-install it on my new device, and until recently, I didn’t use any such health app.
Thinking back, all I needed was a mobile tool that would help me keep track of my monthly cycle and nothing more.
And as long as the app did that, I was satisfied. Interestingly, it offered a lot more than period tracking, like a locked diary and some occasional pop-up ads that enlightened me on girl-related stuff.
From a Techpoint Africa Twitter survey, I confirmed that many people only care about the services health apps offer like me. Chances are they trust the companies that make the products.
Do you use health apps (fitness tracker, period tracker, sleep tracker, etc) and why (you can also reply to give more context)?
— Techpoint Africa (@Techpointdotng) January 20, 2021
With many people moving to other messaging platforms like Signal and Telegram, it is safe to say that concerns about data safety on WhatsApp set off alarm bells.
But then, none of these platforms can sufficiently guarantee the safety of users’ data. Every app you install on your smartphone requests that you part with a valuable piece of information about yourself. The only difference is in their terms; some apps “need more personal details to work with” than others.
A report by USwitch, a UK-based price comparison service company, confirms that many health apps have access to more user information than is necessary.
For clarity, the term ‘health app’ covers services, including fitness tracking, weight tracking, period tracking, and sleep tracking, among others. Immensely popular, many of these apps come with smart devices like the Mi Band and other smartwatch brands. There are also popular companies like Strava, Flo Health, Fitbit, and big names like Google, Samsung, and Apple, which have dedicated fitness apps.
Using a 24-point grading scale, USwitch’s report noted that many health apps have access to at least 13 data sets. Of the 15 apps considered, MyFitnessPal, a weight tracking app, requests 20 out of 24 most common data sets requested by apps.
To put this in perspective, that is 14 data sets more than what WhatsApp requires. On the list with 15 points are Flo -- one of Nigeria’s most downloaded period tracking apps -- and popular running and cycling app, Strava.
This should concern any user because personal data -- most of which ends up being shared with third parties for promotional purposes -- is at stake here. Unfortunately, users inadvertently give these companies their consent to do as they please with their data.
However, below that is ‘how we use your personal data’ and ‘third party processing your personal data’ and other sometimes incomprehensible information.
Despite many people failing to open privacy policies before accepting them, there is usually an outburst once regulators expose what companies do with their data. The Facebook-Cambridge Analytica scandal is a case in point, and there are others.
In September 2019, period tracking apps -- Maya by Plackal Tech, My Period Tracker by Linchpin Health, and three others -- were accused of sharing private data with Facebook. Conversely, Period Tracker Flo by Flo Health and other apps were considered safe.
Ironically, early in 2021, US federal regulators accused Flo Health of also sharing user information with third parties such as Facebook and Instagram.
In July 2019, a particular trend saw people post pictures of themselves ageing on social media; on Twitter, for instance, it was called the #FaceAppChallenge. People uploaded their photos on FaceApp, a mobile app which generated what they would look like if they were older.
Many celebrities jumped on the trend, and before long, the app topped the list of most downloaded free apps on the Google Play Store and App Store.
Before the craze died down, data privacy experts warned that privacy and personal information were at stake. They said that users should be concerned about the permissions they were granting the Russian-based AI app. As questions about privacy kept cropping up, the app came under scrutiny.
Although FaceApp only requests permission to access your photos and Facebook account, we cannot determine the latter’s reach. And this is the same concern with playing Facebook games.
Fitness-tracking devices and apps keep different sets of personal user data -- from pulse to heart rate to location to workout routine -- that can be valuable in the targeted advertising market.
Why you should be bothered
These companies claim that they only request for personal data to help users increase the accuracy of their predictions and for research purposes.
An excerpt from Flo that highlights the problems being discussed says, "We may share some of your non-health Personal Data with AppsFlyer, a mobile marketing platform, that handles your Personal Data in accordance with our instructions.
"By using AppsFlyer and its integrated partners, we are able to reach you and people like you on various platforms and spread the word about the App to help more women to stay in control with their health and well-being. If we need to share your Personal Data with other platforms for this purpose, except as defined herein, we will ask for your consent. If this is required by law, we will secure your consent to share your non-health data with AppsFlyer and its integrated partners."
There's no law prohibiting fitness apps from selling their users’ data and a typical clause attached to third-party sharing promises anonymity. But are you anonymous?
In 2018, Strava was in the public’s eye because its global heat map which uses GPS information to map locations and activities might have revealed the locations of secret military bases around the world. Consequently, it altered its settings to allow users to opt out of sharing such information.
Some of these companies also deserve credit for sticking to their guns when required to give out user information during court proceedings.
Nevertheless, privacy policies should not be rocket science. They should be clear enough for users to easily decide if they are willing to divulge specific details of their lives.