Fertility and Period Apps Can Be Weaponized in a Post-Roe World

Apps collect sensitive data that could be subpoenaed by law enforcement or sold by data brokers, putting women seeking abortions at risk.
A collage with a knife and a pregnancy test.
Illustration: Elena Lacey; Getty Images

When the draft of the Supreme Court’s decision on Roe v. Wade was leaked to the public in early May, Elizabeth C. McLaughlin kicked off a social media storm. The founder of the Gaia Leadership Project, a company that trains women leaders and entrepreneurs, tweeted: “If you are using an online period tracker or tracking your cycles through your phone, get off it and delete your data. Now.” It had never occured to many women, until then, that their data could be weaponized against them. But experts that spoke to WIRED say that fertility and period-tracking apps—along with the myriad other data trails that users leave behind—could be a rich source of data for law enforcement looking to punish women if abortion is outlawed or criminalized.

“If there's an app out there that's collecting health data, it will soon be a target,” says Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project (STOP). “One of the sad ironies of this is that people who are actively trying to get pregnant will have a harder time using the technology to do it for fear of how that technology might be used against them in a court of law.”

Fertility and period-tracking apps vary, but most allow users to manually enter when their periods start and end, whether they use birth control, the length of their cycle, and their moods. Some allow users to track their periods as well as pregnancy. Many apps also allow users to sign in with their Google or Facebook accounts. Some also collect geolocation data.

WIRED reached out to five popular fertility and period-tracking apps: Flo, Glowing, Clue, Glow, and Pinkbird. Only Clue pointed to a public statement it released in the wake of widespread public concern. According to the statement, Clue abides by the European General Data Protection Regulation (GDPR), and “any change to US abortion laws would not affect these privacy protections.” The company did not address whether it would respond to legal requests for user data from law enforcement. In a statement to WIRED, Flo said that it “does not share personal health data with any third party” and that it “will never require a user to log an abortion or offer details that they feel should be kept private.” Glowing, Glow, and Pinkbird did not respond. None of the companies would comment on whether usership had dropped in the wake of the Supreme Court leak.

Search history and other data has already been used as evidence to criminalize those seeking an abortion in US states with stringent local laws. But privacy experts worry that the more granular data collected by period tracking and fertility apps could be particularly incriminating for those seeking an abortion. Just two weeks after the leaked decision, Vice reported that Narrative, a data marketplace, allowed anyone to purchase information about who had downloaded period-tracking apps (though not the data in the apps themselves), and last year, The New York Times revealed that Flo was selling its user data.

But most users will never know if their data has been sold or exactly how much is already out there. “Actually knowing where your data has gone and if your data was sold is almost impossible in this day and age,” says Deven McGraw, data stewardship lead at Invitae, whose platform Ciitizen helps patients control their health care data.

According to Fox Cahn, apps that collect and store data on their own servers are particularly dangerous, both because the data can be sold and hacked, but also because law enforcement can serve companies with subpoenas for user data. In a recent report, STOP pointed out that some apps let users store data on their phone—a much safer option—but one that still won’t protect them in the face of a search warrant.

But Fox Cahn says that the concern goes far deeper than just fertility apps. “Basically any health data app for pregnant people or potentially pregnant people could be weaponized.”

To understand how, one need only look at the country’s immigration infrastructure, says Paromita Shah, executive director at Just Futures Law. The Department of Homeland Security and Immigration and Customs Enforcement have long used data to surveil and arrest activists and immigrants, she says. “There is no consumer privacy law that I have seen that really can impact the police,” says Shah. “And they're buying this data to get around their obligations to follow the Constitution.”

Even if users decide to delete period-tracking apps, their data may have already been collected. For those who want to keep using them, McGraw says “it takes a lot of effort” to ensure data isn’t being shared. None of the companies responded to questions about their usership figures.

“Mostly what you can do, but which people rarely do, is pay a bit more attention to the terms of service and the privacy policies of the apps you use,” she says. But removing data that’s already out there would only be possible “if you've got a company that's covered by a state law that gives you a right of deletion.”

Euki, an app released by the international group Women Help Women, anticipated many of these problems. “When somebody creates an app, obviously they want to monetize, they want to pay for it. And the way they recoup their costs and make profits into the future is by marketing the data,” says Susan Yanow, a reproductive health consultant and the US representative for the organization. "We were never looking to make up that cost. The goal was to get it into the hands of as many people as possible, as securely as possible.”

Funding for Euki came instead from a grant obtained by Ibis Reproductive Health, a partner organization of Women Help Women. The app contains information about abortion, contraception, sexually transmitted infections, and miscarriages, stores all data on the user’s device rather than uploading it to a third-party server. It is password protected, and allows users to set up a second password that, when entered, will bring up a second, fake app, keeping even the nature of the app a secret. There is even an option to delete all of the collected data.

In the weeks since the draft decision leaked, Yanow says Women Help Women has seen a massive influx of users to the organization’s website—which she hopes will lead people to the Euki app.

“We truly believe that the person who owns the app is the person who should be deciding what to do about [a missed period or pregnancy], should that happen,” says Yanow.

Update 6/8/22 1:33PM ET: This story has been updated to include comment from Flo and to give the correct name of Women Help Women.