Usable Privacy in Female Health Apps

Lisa Malki, Dilisha Patel and Mark Warner

Google Gift

Data deletion is an important privacy mechanism as it allows users to control what data exists about them across different systems, and allows them to be “forgotten”. Recent legal changes around abortion in the US have highlighted the importance of privacy mechanisms like deletion within female health apps, as this data (e.g., menstruation cycles, eating/drinking habits, training schedules, medical histories, online support resources) now has the potential to be used to criminalize individuals, especially women and people who menstruate. Further, although abortion in the UK is accessible during the first 24 weeks of pregnancy, UK abortion laws are more precarious than many understand. Having an abortion is still a criminal act in the UK, and those who procure abortion illegally may face life imprisonment. Therefore, the research we conducted here has never been more timely. Through a comprehensive app privacy policy review, a user interface (UI) usability inspection, and a complementary interview study with app users, this project explored usable in-app data deletion mechanisms around sensitive data within female health apps. The research allows us to better understand the current data retention and deletion practices (including lawful access requests), current weaknesses, and good developer practices around deletion mechanisms. Through in-depth user interviews, we developed a set of user mental models to understand how users comprehend data deletion within these apps. We used our findings to develop actionable insights and design recommendations to improve the development of deletion mechanisms within these apps, with the aim of improving user privacy and safety.

Main findings

Our findings revealed problematic practices, including inconsistencies across privacy policy content and privacy-related app features, flawed consent and data deletion mechanisms, and covert gathering of sensitive data. We present recommendations for improving privacy practices, and call for a dedicated focus not only on user privacy, but also safety.

Publications

Malki L, Kaleva I, Patel D, Warner M, Abu-Salma R. Exploring Privacy Practices of Female mHealth Apps in a Post-Roe World, Proceedings of the CHI Conference on Human Factors in Computing Systems (CHI ’24), 16 May 2024.