Enlarge image
Smartphone user: Some programs could suddenly become dangerous
Photo: Silvia Izquierdo/ AP/dpa
The app looks friendly: everything is purple and pink and has an ethereal feel.
It's about star constellations, the full moon, horoscopes.
And about menstruation.
Stardust is the name of the app, star dust.
She combines astrology with self-care and a bit of science: the stars, the sun, the moon, the cycle - all in harmony.
In the meantime Stardust was number one of the most popular apps in Apple's App Store, millions have installed them.
It is intended to help anyone who is menstruating to keep track of and understand their cycle.
When is ovulation, when are mood swings likely?
Stardust is also a bit of a diary: the app asks how much sex you have, whether you drank alcohol or smoked cannabis today and how you feel.
self critical?
energetic?
Depressive?
Such an app learns a lot about its users.
Not only when you menstruate, but also when a menstruation is missed.
Are women trying to get pregnant?
Are you pregnant?
Is this pregnancy suddenly over?
The apps could be dangerous for their users
Until recently, Stardust's terms of service stated that they could provide de-identified, encrypted user data to law enforcement agencies "regardless of whether we are legally required to do so or not".
Stardust has since changed this wording.
But the only thing they can do is limit the damage.
Across the US, women are deleting their menstrual apps, and social media is teeming with calls to do so.
Because the well-informed apps could possibly be dangerous for women: The right-wing conservative Supreme Court has overturned the general right to abortion in the USA.
So-called trigger laws came into force immediately in 13 states, some of them being among the most restrictive in the world.
In the state of Kentucky, for example, abortion is now a criminal offense, even in cases of incest or rape there are no exceptions.
"We're not going back," says the posters of demonstrators demonstrating against the verdict.
Eva Galperin, cybersecurity researcher at the Electronic Frontier Foundation, tweeted: "What's different today than it was back when abortion was illegal in the United States: We live in an era of unprecedented digital surveillance."
The fear: The data that tech companies collect could be used against their users.
Google searches, location data, health data.
Menstrual apps mainly store the latter, some also collect location data.
Such data can show whether there is or has been a pregnancy.
They can provide clues as to whether someone has attended an abortion clinic, perhaps in another state where abortions remain legal.
There are already precedents
When law enforcement is trying to prosecute a woman for having an illegal abortion, "they can search any app on her smartphone," Sara Spector, a Texas attorney, told the Guardian.
This also applies to menstrual apps.
There is precedent for law enforcement agencies also using digital leads to collect evidence of abortions.
In 2017, Mississippi resident Latice Fisher was charged with second-degree murder following a miscarriage.
Her search history served as evidence, among other things: She had searched for two drugs that are used for abortions.
The charges were only dropped after several years.
However, it is not only law enforcement agencies that could access such sensitive data, but also private individuals, such as militant opponents of abortion.
Because data dealers sell, among other things, transaction data in the USA.
For just $160, journalists from the online medium Vice could buy such data and identify where people traveling to an abortion clinic came from.
The fact that this data is generally available in anonymized form does not have to be a major obstacle: scientists repeatedly point out that it may be possible to de-anonymize it.
The case of Flo shows that cycle apps do not always handle their users’ data carefully.
Flo is one of the most popular cycle apps, it is said to have been installed more than 100 million times on smartphones.
But research by the Wall Street Journal revealed that the app shared data.
In 2020, the US Trade Commission (FTC) filed a complaint against the app, saying Flo shared "health data from millions of users" with third parties, including Facebook's and Google's analytics services.
Flo and the FTC agreed in January 2021 that the app had to inform the affected users afterwards and ask the third parties to delete the data received.
A statement from the company says: "It is Flo's top priority to protect user data." And:
Operators try to limit the damage
Users in the USA, says Frederike Kaltheuner, are particularly at risk.
Kaltheuner works at the NGO Human Rights Watch, where she heads the technology department.
"Unlike Germany, there is no comprehensive data protection law at the federal level in the USA," she says.
There are rules for handling personal information, for example in the healthcare sector, "but they only relate to actors who are part of the healthcare sector, i.e. doctors or health insurance companies." Health data in a very narrow sense is therefore protected, but "data from Apps and websites do not«.
You can buy a wide variety of data completely legally in the USA.
Meanwhile, the operators of the menstrual apps are trying to limit the damage.
The makers of the Flo app, for example, announced an anonymous mode on Twitter that will soon be available to all users.
Name, email address and technical identifiers should no longer be associated with the account.
Previously saved data can be deleted.
A spokesman for the Berlin app Clue tells SPIEGEL that the app is "obligated under the strictest data protection law in the world to give special protection to health data" under the General Data Protection Regulation.
We do not share data with advertising partners, "and we do not sell user data to third parties".
The Stardust app has since removed a wording from its privacy policy.
You will only share data with law enforcement agencies if you are legally required to do so.
However, this data is all encrypted and anonymous and cannot be linked to the users.
The app does not even collect location data.
Apps aren't the only problem
In any case, menstrual apps are probably the most obvious place where sensitive data about pregnancy is stored – but perhaps not the most insecure.
Many apps try to collect location data.
Even an apparently harmless online game can detect that someone has visited a clinic.
"We should start with the data that is already being used to criminalize people," says attorney and technology expert Cynthia Conti-Cook of the "New York Times".
Text messages to friends, for example, Google searches for abortion drugs, browsing history showing that you've looked at information about abortion.
The US Digital Defense Fund recently published an online guide on how to protect your data: For example, by using encrypted messenger services and browsers that do not save search history.
"The bottom line is that privacy only becomes important when it's already too late," says Frederike Kaltheuner of Human Rights Watch.
"When what was legal today becomes illegal tomorrow."