Report: Most Mental Health, Prayer Apps Have Abysmal Security And Privacy Standards

from the the-more-things-change dept

From the Internet of very broken things to telecom networks, the state of U.S. privacy and user security is arguably pathetic. It’s 2022 and we still don’t have even a basic privacy law for the Internet era, in large part because over-collection of data is too profitable to a wide swath of industries, which, in turn, lobby Congress to do either nothing, or the wrong thing.

Apps routinely aren’t much of an exception. Mozilla’s latest *Privacy Not Included guide analyzed the privacy and security standards of 32 mental health and prayer apps, and gave 29 of them a “privacy not included” warning label indicating they failed to adhere to even basic user privacy standards:

“The vast majority of mental health and prayer apps are exceptionally creepy. They track, share, and capitalize on users’ most intimate personal thoughts and feelings, like moods, mental state, and biometric data. Turns out, researching mental health apps is not good for your mental health, as it reveals how negligent and craven these companies can be with our most intimate personal information.”

The problems included an over-collection and sale of data (including the collection of some mental health chat transcripts), poor password creation standards, and nebulous and undercooked privacy policies. Better Help, Youper, Better Stop Suicide, Woebot, Talkspace, and Pray.com were deemed the worst offenders. Only three of the 32 app makers responded to a Mozilla request for comment.

The discovery shouldn’t be particularly surprising. Back in February Politico revealed that a top suicide help hotline was caught collecting and selling “anonymized” (a useless term) user data.

The U.S. isn’t known for quality mental health care, but online mental health apps and services are booming, with a particular focus on the sale of ketamine and psychedelics for therapeutic use. But many of these services have all the kinds of problems you might expect (shoddy therapy, incorrect doses) before you even get to the potential privacy problems that will ultimately and inevitably appear.

Again, abysmal federal security and privacy standards and feckless, under-resourced U.S. privacy regulators are an intentional feature, not a bug.

It’s not that difficult to pass a baseline privacy law for the Internet era that at least erects some basic guard rails and base-level accountability for bad actors and executives. But we have no such law because a huge array of industries have lobbied Congress into apathy and dysfunction, with the cost being repeatedly borne by ordinary Americans.

It will keep happening until there’s a privacy and security scandal so idiotically ferocious that the problem will be impossible to ignore (probably involving either significant deaths, or the extremely sensitive and personal data of powerful people). Even then, there’s no guarantee a grotesquely corrupt U.S. Congress will be willing or able to respond competently to the challenge.


Comments on “Report: Most Mental Health, Prayer Apps Have Abysmal Security And Privacy Standards”

18 Comments
ECA (profile) says:

Re: Problem

Comes with all the sites created in RL, that are to Monitor us.

Then there is the reality that after you count all the Server break-ins, Including the ones NOT in the news. Every bit of our Data is already out there.

But for some reason, Who really needs Perfect Privacy? It's a dream. But there are Few reasons for it. #1 So that they can Tag you, for all the money you spend and get. With your SS#, anyone can go to the credit agency and get all your data. If you had a way to deny anything, it was lost with your Perfect privacy.
Once all the data is out there, you can deny Just about anything that does NOT match your patterns. No one checks your ID anymore, except for Cigs and alcohol.

Naughty Autie says:

This is why I always check permissions very carefully before installing any app, and don’t allow anything with a permission not explained by the app’s alleged functionality. This file manager wants access to the physical SD card? That’s fine. This game wants access to the dialler? It ain’t going on my phone! The only exceptions are Internet access, which is more often than not used to display adverts, but no keyboard app with that permission goes on any of my devices for obvious reasons.
