Researchers at the Mozilla Foundation said that these apps collect extremely sensitive and personal information from their users while having “exceptionally creepy” policies in place — an unnerving combination.
About Mozilla’s Privacy Guide
Mozilla’s research is a part of its *Privacy Not Included guide, which takes a look at the privacy and security safeguards on popular smartphone apps across a range of categories. Worryingly, Mozilla said that apps in the mental health and prayers category are worse than any other they have studied over the last six years. This is especially important considering the kinds of data this category of apps collects. Many of their customers deal with severe health issues like depression, anxiety, suicidal thoughts, and eating disorders. Some are even victims of domestic violence, or suffer from PTSD. But despite collecting such sensitive information, they employ weak data security practices, including:
Sharing data with third parties Allowing users to set weak passwords Targeting users with personalized ads Having poorly drafted and vague privacy policies
28 out of 32 Apps have weak Privacy Protections
The researchers at the foundation studied 32 mental health and spiritual wellness apps, and spent 255 hours (over 8 hours per app) working on the guide. They found that 28 of these apps had several red flags, and gave them the report’s namesake “privacy not guaranteed” label. 25 of these apps did not meet Mozilla’s Minimum Security Standards. This is a list of standards that includes requirements such as having strong passwords and managing security updates. “The vast majority of mental health and prayer apps are exceptionally creepy,” said Jen Caltrider, the report’s lead. “They track, share, and capitalize on users’ most intimate personal thoughts and feelings, like moods, mental state, and biometric data. Turns out, researching mental health apps is not good for your mental health, as it reveals how negligent and craven these companies can be with our most intimate personal information.”
BetterHelp Among the Worst Offenders
The report also provides a list of the six apps with the worst privacy safeguards. These are BetterHelp, Youper, Woebot, Better Stop Suicide, Pray.com, and Talkspace. Furthermore, Mozilla reported that nearly all of the reviewed apps heavily harvested personal data. While this creates a security concern, entities like investors, insurance collectors, and data brokers benefit from this massive data collection. As far as security goes, 8 of the apps allowed for weak passwords like “1” to “11111111.” Mozilla said it could not determine if most of the companies even had a mechanism to manage vulnerabilities in their apps. The companies also did not cooperate with Mozilla’s research. Only one out of 32 responded to the foundation in a timely manner. “Hundreds of millions of dollars are being invested in these apps despite their flaws,” said Misha Rykov, who also developed the guide. “In some cases, they operate like data-sucking machines with a mental health app veneer. In other words: A wolf in sheep’s clothing.”
Two Apps Make the Cut
On a positive note in Mozilla’s report, there were two apps that met Mozilla’s basic privacy and security standards. Mozilla said that both apps listed below had strong protections and really valued user privacy: If you found this story interesting, you should check out our detailed guide on how to set up Mozilla’s Firefox as an anonymous browser. Considering they carry some of the same concerns, you may also want to have a look at our article on managing privacy settings on fitness apps.