How private is your period?: A systematic analysis of menstrual app privacy policies

Authors: Laura Shipp (Information Security Group, Royal Holloway, University of London), Jorge Blasco (Information Security Group, Royal Holloway, University of London)

Volume: 2020
Issue: 4
Pages: 491–510
DOI: https://doi.org/10.2478/popets-2020-0083

Download PDF

Abstract: Menstruapps are mobile applications that can track a user’s reproductive cycle, sex life and health in order to provide them with algorithmically derived insights into their body. These apps are now hugely popular, with the most favoured boasting over 100 million downloads. In this study, we investigate the privacy practices of a set of 30 Android menstruapps, a set which accounts for nearly 200 million downloads. We measured how the apps present information and behave on a number of privacy related topics, such as the complexity of the language used, the information collected by them, the involvement of third parties and how they describe user rights. Our results show that while common pieces of personal data such as name, email, etc. are treated appropriately by most applications, reproductive-related data is not covered by the privacy policies and in most cases, completely disregarded, even when it is required for the apps to work. We have informed app developers of our findings and have tried to engage them in dialogue around improving their privacy practices.

Keywords: menstruapps, privacy policy, GDPR, periodtracking

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.