Many of the top mental health apps have serious cybersecurity flaws and privacy shortcomings, a study by Mozilla has found.
In its latest Privacy Not Included report, the Firefox browser maker investigated the privacy and security features on offer for a number of mental health and prayer apps, uncovering a worrying number of issues.
Some of the apps investigated, including big names such as headspace, Pray.com, Calm and Talkspace, had millions of users and app downloads, potentially putting many users at risk.
Not so restful
Mozilla analyzed 32 mental health and prayer apps, awarding 29 of these a “privacy not included” warning label, showing that the report team had concerns over how the app used or managed user data.
Among the most common issues was extensive data gathering, with many of the apps collecting a vast amount of personal information on users. Although many of the studied apps pledged not to sell or pass on this information to third parties, Mozilla found that many were in fact doing the opposite, raising significant privacy concerns.
Some of the worst offenders included Talkspace, which reportedly collects private therapy chat logs, and uses personal user information - including such "psychotherapy notes" - for marketing, targeted advertising and research purposes.
In a statement, Talkspace told TechRadar Pro: "Mozilla’s report lacks context from Talkspace and contains major inaccuracies which we are working with Mozilla to address. We have one of the most comprehensive privacy policies in the industry, and it is misleading to assert we collect user data or chat transcripts for anything other than the provision of treatment."
"We recently updated our privacy policy to be more transparent with customers and provide clarity on data-sharing policies. Talkspace’s Notice of Privacy Practices linked here also provides additional information on how data is used in collaboration with the updated privacy policy."
Calm, which is one of the most popular apps around, boasting millions of users across iOS and Android, not only collects large amounts of personal information, but Mozilla found also gathers data from outside sources, as well as employing multiple tracking and data collection tools to target ads and share information with a number of third parties.
“The vast majority of mental health and prayer apps are exceptionally creepy,” Jen Caltrider, Mozilla *Privacy Not Included guide lead, told The Verge in a statement. “They track, share, and capitalize on users’ most intimate personal thoughts and feelings, like moods, mental state, and biometric data.”
Mozilla notes that users should always read through an app's privacy and user information practices before deciding to sign up, especially when concerning such important aspects as mental health.
Via The Verge
