According to new findings from Ovie, a hacktivist and security researcher, the "WhatToExpect" pregnancy app has some serious security problems that could put users at risk. Ovie discovered multiple vulnerabilities, including a major issue with the app's password reset feature, which lets hackers easily take over user accounts. This is especially concerning for people storing sensitive reproductive health and abortion data in the app.
Ovie found that an exposed API endpoint could let hackers reset passwords without any proper checks, giving them full access to accounts. This is concerning with the current political climate around abortion access in the U.S., where abortion laws have been a huge focus since Roe v. Wade was overturned.
In response to this, companies have recognized the responsibility to protect sensitive health data. Google, for example, has taken steps to limit the collection of location data, especially for visits to clinics that provide abortion services. By disabling location history tracking for such visits, Google is helping to ensure that users' data is not misused, particularly in states where reproductive rights are criminalized.
If this data ended up in the wrong hands, users could face serious privacy violations like harassment, doxing, or worse, especially in places where reproductive rights are criminalized.
On top of that, Ovie's research showed that "WhatToExpect" is mishandling Personally Identifiable Information (PII). The app is exposing user data, like names, addresses, and reproductive details, with hardly any security measures in place. In some cases, things like the user’s due date and even the baby’s gender are being exposed through insecure APIs. Even worse, some data is stored in plain text, which raises major concerns about whether the app follows basic data protection practices like encryption.
Mozilla’s "Privacy Not Included" guide has been calling out "WhatToExpect" for bad data privacy for a while now. The app’s owner, Everyday Health, has a history of sharing and even selling users' data, including really personal stuff like location, health details, and social media info.
Mozilla says the app collects tons of data, not just from the users, but also from third parties like social media and data brokers. This data gets sold to advertisers and other third parties, which could mean a pregnant woman’s personal data ends up being used for targeted ads, or worse, exploited for political or legal purposes.
All these issues with security and data handling show a bigger problem with health-related apps, especially those dealing with sensitive information. With how politically charged topics like abortion are right now, apps that store this kind of data need to be more secure. Unfortunately, despite Ovie’s efforts to report these issues, "WhatToExpect" has pretty much ignored calls for improvement.
As data becomes more valuable, this situation really shows the risks of using apps that handle sensitive info. Whether it's identity theft, legal problems, or annoying ads, the lack of security in apps like "WhatToExpect" leaves users exposed. Until they fix these issues, people will have to decide if the app’s convenience is worth the privacy and security risks.
Image via Deposit Photos
_small.jpg)
0 Comments - Add comment