A group of ten state Attorney Generals recently urged Apple CEO Tim Cook in a letter to strengthen privacy and security safeguards for Apple App Store products that monitor, collect, store, or transmit information about reproductive health. Attorneys general from California, Connecticut, Illinois, Massachusetts, North Carolina, Oregon, Vermont, Washington, and Washington, D.C. all signed the letter, which was prepared by New Jersey’s Matthew Platkin.
Following the Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, states now have the authority to control abortions. Several states have already passed laws outlawing or severely restricting abortions. The state AG’s are concerned that the health information gathered by health applications can be employed by law enforcement and corporate entities. In order to evaluate the security of health apps and how they gather, utilize, share, and preserve user data, AG Platkin cited a Mozilla Foundation analysis of the most widely used reproductive health applications. 18 of the 25 most popular apps, including period trackers, pregnancy/fertility apps, and health and fitness applications, either failed to follow proper privacy and security practices or obscured the extent of the data the apps collected. Many of the apps’ privacy policies were vague, particularly when it came to disclosures to law enforcement. Additionally, many of the applications did not adhere to basic security requirements, including those for data encryption, automated security upgrades, having a transparent and easily available privacy policy, and requiring strong passwords. The majority of the applications also asked users to enter information that had nothing to do with the health services they were providing.
According to the AGs, security and privacy flaws in health applications that are available through the App Store endanger the privacy and safety of App Store users, which clearly contradicts Apple’s stated commitment to protecting user data. Apple claims that the Apple Health app has robust privacy protections built in, including 2-factor authentication and the encryption of all health information until an Apple iPhone is accessed using a passcode, Touch ID, or Face ID. In addition, the most recent versions of iOS and watchOS feature default 2FA and passcode-restricted access, which means Apple is unable to examine users’ health data.
State AGs have encouraged Apple to take more measures to protect customer privacy because they believe the corporation hasn’t gone far enough. They have urged Apple to mandate that third-party app developers remove any non-essential user data, including browsing history, search queries, and other relevant data of users who could be looking for access to reproductive healthcare. They ask Apple to require all third-party app developers to only reveal reproductive healthcare data in response to a legitimate subpoena, search warrant, or court order, as well as to display prominent notices warning iPhone users that it may be possible for their medical information to be disclosed to third parties. State AG’s contend that Apple should require any third-party that collects or transmits reproductive healthcare data to meet Apple’s privacy standards. In the event an application does not meet the requirements, they should be promptly removed from the App store.
State AG Platkin argues that in order for Apple to stay true to their commitment to protect its users’ sensitive data, the tech company should implement these steps. Doing so will provide Apple’s users with a safe experience.