Digital security of period-tracking apps in question, UNF professor explains – UNF Spinnaker | #itsecurity | #infosec


The future legality of abortion in the United States has created countless discussions, and questions have arisen over how law enforcement could catch women seeking abortions regardless of the law. 

Period tracking apps with poor privacy practices could threaten to expose users who log missed periods and later seek out abortions. While this has yet to happen, “people should be really careful,” White House Press Secretary Karine Jean-Pierre said about using these apps. Even without a period-tracking app, many other apps use less than transparent privacy practices, such as location tracking.

Users’ precise locations can be sold to third-party companies, usually for advertising purposes, but can also be shared with law enforcement. Authorities can obtain warrants for users’ online information, such as their email communications, social media messages, network subscriber information and more. 

How exactly could my online data be used against me?

“So it all depends on how an app stores their data,” University of North Florida (UNF)  Computing and Information Science professor Richard Lentz said. 

If the data from your app is stored online, such as in a “cloud-based” backup service, Lentz explained the information from the cloud is stored in a database, often meaning the data is company property. While some services encrypt their databases, many don’t and the information they store is theirs to sell and share. 

Demonstrators gather outside the Duval County Courthouse to protest the recent Supreme Court decision to overturn the landmark abortion case Roe v. Wade on Friday, June 24, 2022. (Darvin Nelson)

Sometimes, apps save user information directly on the user’s phone. Without the cloud, Lentz explained, this may be more secure, although data can still be extracted by authorities if they obtain a warrant to search the device. 

In the case of period-tracking apps, police may not immediately obtain user data. Instead, the data could be (and has been) sold to third parties who might, in turn, share that information with authorities. 

The calendar data from an app alone might not be enough to incriminate a person, Lentz said. However, other online data — such as a person’s location being logged at a Planned Parenthood clinic or search engine logs of someone looking up emergency contraception — could be used together to incriminate a person.  

“One thing that is kind of unique about digital data is it’s very difficult to be like, yes, [this person] did this on their phone. You can’t really say that because the digital evidence definitely says that somebody used this phone and did this at this time,” said Lentz. “Unless there is a webcam video of you sitting there in front of the computer, it’s going to be pretty hard to exactly say yes, she was the one that did that.”

While data forensic analysts may not be able to say exactly who used a person’s device to engage in illegal activities, they can request warrants for a person’s online data from services such as Gmail, Comcast, Facebook and other services to see all the messages and IP address logs that were saved and create a picture of what someone was doing online and who they probably are.

What can I do to protect my data?

Even if you’re not planning on getting an abortion, understanding what your data apps store and how they use it can help you protect your privacy. 

“If you use Google Maps for like, traffic and stuff, that’s all running off everyone else’s phones,” Lentz said. “They don’t know there’s traffic. They know somebody’s phone is powered on in an area. So when you use those types of apps, you’re giving that data out to companies.”

A woman looks toward a Google sign as they walk out of frame
FILE – A woman walks below a Google sign on the campus in Mountain View, Calif., on Sept. 24, 2019. For myriad reasons, both political and philosophical, data privacy laws in the U.S. have lagged far behind those adopted in Europe in 2018. (AP Photo/Jeff Chiu, File)

While using a maps service may obviously use your location data, being aware of if an app continues to log your location after you’re done using it can also help protect you. 

VPN services can also protect WiFi networks from tracking your IP address and saving your search history, which is something law enforcement often requests from service providers for online criminal investigations. 

Lentz explained that any data that could be incriminating shouldn’t be stored. 

“For period-tracking apps, I know deleting your data every month probably doesn’t do a lot of good because you’re wanting to see a trend,” Lentz said. “Unfortunately, even if you delete it, there’s still a chance it can be recovered.”

Using apps, emails and search engines that are encrypted and are transparent about what they do with their user’s data is a way to begin protecting yourself online. Since things like credit card transactions can even be saved and shared by credit card companies, paying cash instead of directly through apps can offer further protection.’

___

For more information or news tips, or if you see an error in this story or have any compliments or concerns, contact [email protected].



Original Source link

Leave a Reply

Your email address will not be published.

84 − seventy seven =