Actual Cases

Glow Pregnancy App Exposed Women to Privacy Threats

Glow privacy leak

Glow has responded by fixing the problems and updating the app

Glow is a mobile app designed to help women track their menstrual cycles and fertility. Like similar apps, it asks users to record the onset of their periods, along with details such as their weight and medications. Glow also asks for intimate physical details, including the appearance of their cervical mucous and the position of their cervix (the app has instructions for determining these characteristics), any history of abortions, whether they’ve experienced anything from diarrhea to low sex drive, their mood, and more.

Recently, Consumer Reports tested Glow for security and privacy features as part of a broader project, and found surprising vulnerabilities. One security flaw might have let someone with no hacking skills at all access a woman’s personal data. Other vulnerabilities would have allowed an attacker with rudimentary software tools to collect email addresses, change passwords, and access personal information from participants in Glow’s community forums, where people discuss their sex lives and health concerns.

Glow Pregnancy App Exposed Women to Privacy Threats
Consumer Reports found a security flaw, since fixed, in how two Glow accounts could be linked.

We concluded that it would be easy for stalkers, online bullies, or identity thieves to use the information they gathered to harm Glow’s users. In July, we shared our concerns with Glow, Inc., the company that makes the app. The executive we spoke with was not aware of the potential vulnerabilities, and the company moved quickly to correct them.

“We were troubled by the nature and depth of the security problems we discovered,” says Maria Rerecich, Consumer Reports’ director of electronics testing, who oversaw the analysis. “But we were pleased to see how quickly Glow responded to our concerns.”

Last week, an updated version of the app went live in Apple’s App Store and the Google Play Store, and Glow also made changes to its internal systems. We’ve evaluated the app again and confirmed that the major security flaws, which are described below, have been addressed. On Wednesday, Glow emailed users telling them about the fixes. The app we tested was one of four developed by the company; the other three are Eve by Glow, Glow Nurture, and Glow Baby. The company says it has 4 million users in total.

“We appreciate Consumer Reports bringing to our attention some possible vulnerabilities within our app,” Jennifer Tye, head of U.S. operations, said in a statement. “Once informed, our team immediately worked to address and correct the potential issues and have since released an updated version of the app. We also informed users via email to consider changing their password as an extra precaution. … There is no evidence to suggest that any Glow data has been compromised.”

Consumer Reports joins Glow, Inc. in urging all users to update the app and change their password. Glow lets users link their accounts with a partner, so that he or she can share health information. Users who take advantage of that feature should disconnect and then reconnect with their partners.

Read the full article from here