Family planning apps have become more popular lately, but as these apps receive more attention, some of them are facing serious criticism. A Consumer Reports investigation has accused fertility app Glow of containing several security flaws. The flaw has since been patched, and Glow confirmed to Digital Trends on Twitter that it hasn’t found any evidence that user data was compromised.
According to the report, investigators were able to access extremely sensitive, personal information about users’ sex lives, miscarriage histories, abortions, and more — all by way of a privacy loophole related to the way Glow lets couples link accounts and share data.
Moreover,the Pregnancy Glow community forums somehow contained personal data like users’ names, email addresses, locations, birthdays, and other health details entered into the app. The Consumer Reports team said that this data was easy to uncover using a free, downloadable security testing app, and was then parsed using an online calculator.
As Consumer Reports noted, “The problem with this is that Glow made it a little too easy to connect accounts: a malicious user could add him- or herself to an account without the [account holder] granting them permission to do so, and have access to some very personal data without her even knowing.”
Following TechCrunch’s initial report of these security flaws, Glow investor and executive chairman Max Levchin took to Twitter to ensure nervous parties that the Glow team had “corrected the potential issues,” and further insisted that there was “no evidence to suggest that any @GlowHQ data was compromised.” The Glow team further noted that it had contacted all its users to reset their passwords, update the app, and re-link the app with their partner’s account.
— Max Levchin (@mlevchin) August 5, 2016
“We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app. The industry only gets stronger with white hats who are looking to protect consumers. Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app,” said Jennifer Tye, Glow’s head of U.S. operations. “We also informed users via email to consider changing their password as an extra precaution.”
Tye concluded, “Of the more than 4 million users across our apps, far less than 0.15 percent of our users could have potentially been impacted, but there is no evidence to suggest that any Glow data has been compromised.”
That said, some might be concerned that Glow was reacting to these reports, rather than proactively looking for potential vulnerabilities themselves.
“We were troubled by the nature and depth of the security problems we discovered,” said Maria Rerecich, Consumer Reports’ director of electronics testing, who oversaw the analysis. “But we were pleased to see how quickly Glow responded to our concerns.”
Article originally written by Lulu Chang. Updated on 8-8-2016 by Malarie Gokey with a response from Glow.
- TaskRabbit back online after cyberattack, warns users to monitor their accounts
- Federal investigation into Equifax hack said to wither, even with more data exposed
- TaskRabbit app goes down as it investigates ‘cybersecurity incident’
- BitGrail cryptocurrency exchange loses $170 million in Nano tokens
- Everything you need to know about the performance dip on your iPhone