Fertility-tracking apps like Glow ask for intimate details: sexual activity, history of abortions, cervical mucus consistency, orgasm frequency, preferred sex positions. And 4 million Glow users complied, uploading extremely private information about their health and sex lives.
But Glow users’ private information wasn’t private at all, according to a new study by Consumer Reports. Due to a series of security flaws, a person with no hacking skills could crack into Glow accounts, change passwords, find users’ locations, and read their most intimate medical information. It’s confirmation of many tech-savvy women’s fears: that women’s health apps don’t know how, or don’t care, to protect users’ privacy.
Glow is an app by men, primarily for women. One woman sits on the company’s six-person executive team. The app is the brainchild of former PayPal CEO Max Levchin. If his career pivot from money-transfer mogul to professional period-planner seems a strange one, consider Glow the way Levchin does: as part of a broader network of data collection companies.
“Glow isn’t a mere ovulation calendar,” Farhad Manjoo wrote for Slate when Glow launched in 2013. “Instead it’s something more ambitious and, depending on your views about your personal data, it’s creepier. It’s a data tracker.”
Glow’s parent company HVF is more explicit about this philosophy.
“[HVF’s] core thesis is that thanks to low-cost sensors of every imaginable type, near-ubiquitous wireless broadband, advances in distributed computing and storage, data is becoming our most plentiful, and most under-exploited commodity,” the company’s website reads. “The insights mined from it will unlock enormous productivity gains… Building on the core thesis, HVF searches relentlessly for opportunities that create value by leveraging data.”
Glow is a data mine, and the app will accept as much information as a user can give.
Every day, female users are encouraged to upload their body temperature, sex drive, alcohol intake, sexual activity, cervix position, and more. They can cross-reference their data with male partners, who are encouraged to dutifully upload intimate information like their masturbation habits. Users who crave even more feedback can take their questions to supposedly anonymous Glow forums, where people seek advice on everything from sex positions to dealing with the aftermath of rape.
Glow is hardly unique in this respect. The smartphone has ushered in a whole subgenre of menstrual-tracker apps, which often ask for the specifics of users’ health and sex lives. And while Glow takes the tactic further than most—i.e., asking for users’ sex positions—it’s all done in the name of making informed health decisions.
But app-developers aren’t running a charity here: free apps like Glow need to make money somehow. And since the advent of period-tracking apps, women have worried about the data they upload, specifically what the app companies do with it.
Large social networks (think Google and Facebook) often fund their free services by selling off large swathes of user data to advertisers. Menstrual app Period Tracker Lite has been accused of (and denies) selling data. Pharmaceutical companies have asked to buy data from the iPeriod app, the app’s founder told Financial Times in 2013. And apps like Glow allow users to sign in with Facebook, inviting concerns about the social network’s potential to craft targeted ads for Glow users who link their accounts.
While its terms of service profess never to sell information that would personally identify users, Glow does share user data in bulk. “We may share your personal information with third parties in an aggregate and anonymous format combined with the information we collect from other users,” the app’s terms of service read. Jennifer Tye, Glow’s head of U.S. operations told The Daily Beast that they only shared the data with health companies, and in the interests of medical research.
But ultimately, Glow didn’t even need to “share your personal information with third parties.” The third parties—from an ex-partner to a stranger online—could have easily accessed women’s profiles through a number of security flaws.
Glow’s most obvious security loophole inspired ethical outrage before anyone thought to hack it. The app encourages female users to link their profiles with those of their (presumably male) partners, inviting them to know the details of their sex lives and possible pregnancies.
“But what if a woman does not want her partner to know everyone she is having sex with?” Moira Weigel speculated in a Guardian article earlier this year. “Or to bring her water, if she has not logged enough glasses that day? You may not want your man to anticipate your menstrual cramps.”
Glow assumed women would want to share their data with male partners. So strong was this assumption that female Glow users had no option to block a man who requested to link profiles, Consumer Reports found.
Male users with a Glow profile can input a woman’s email address to request access to her Glow account. As long as the woman’s profile “wasn’t already linked with another one, the first person who invited her instantly gained access to her data,” the Consumer Reports study found. “That means that until this week anyone—loving partner, obsessive ex-husband, or anonymous creep—could link his account to any Glow user’s, if he knew the woman’s email address.”
Another security flaw came from the Glow forums, those communities of purportedly anonymous support. In the forums, users are identified only by initials. But Consumer Reports found that a free security testing app could expand user details, showing information that “included the post writer’s full name, her email address, her rough location, and a number of details from her health log.”
Using the same free security software, the Consumer Reports team was also able to override any user’s password, gaining full access to any account—and all this with minimal technical know-how.
Before publishing their findings last week, Consumer Reports reached out to Glow, which fixed its numerous security concerns. Tye tells The Daily Beast that Glow sent an email to users, recommending they change their passwords.
In a Twitter statement, executive chairman Max Levchin said the company had no evidence to suggest a hack. His previous companies, the gender-neutral PayPal and financial company Affirm, have never reported security flaws of Glow’s scale.
With Glow’s possible breach patched, the company says users can upload their data in safety—where it will only be shared in bulk with anonymous third parties.