Mozilla’s latest *Privacy Not Included guide called out 29 mental health and prayer apps handling privacy poorly. Since then, six companies have said ‘mea culpa’ and changed their practices. But the industry as a whole remains untrustworthy.
Update: Calm, one of the most popular meditation apps, now allows all users to access and delete their data, effective June 16, 2022.
What’s the price for using mental health and prayer apps? Data, data, and some more data.
The latest edition of Mozilla’s *Privacy Not Included consumer tech guide revealed how spectacularly mental health and prayer apps neglect users' privacy, harvest sensitive personal data, and capitalize on it as a business asset.
The six apps implementing these changes are Recovery Record; Hallow; Breathe, Think, Do by Sesame; Modern Health; Woebot; and, recently, Calm.
We applaud the companies that have made changes in response to our *Privacy Not Included buyer’s guide and we hope others will follow. Mental health apps provide a vital service to millions of people, particularly at this challenging time. Unfortunately, the changes we are witnessing show how these apps did, and sometimes still do, fail to protect their users. Offering mental health services should not come at the expense of users’ personal information. We are glad that this crucial research is eliciting interest and real-time change.
Ashley Boyd, Vice President, Advocacy and Engagement, Mozilla
Here’s a round-up of the notable changes:
Data sharing with third parties. Recovery Record now clearly states that it won’t sell or share data with third parties for direct marketing purposes. This follows a review of its policy dated May 2, 2022, in which it removed vague consent caveats, such as “unless we have your permission” and “for any purpose”, that referred to the use of aggregate data (data gathered from multiple sources).
Now requiring strong passwords. The Hallow and Recovery Record apps have also changed their password requirements to at least eight characters and will flag weak, repetitive/sequential passwords. Previously, Mozilla’s review noted that eight apps did not require strong passwords, accepting passwords ranging from “1” to “1111111”. The Moodfit app still accepts a single-digit password.
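The password rule described above (at least eight characters, with repetitive or sequential passwords flagged), sketched as an added example. It is not code from Mozilla or from any of the apps named; the run threshold of four, the keyboard rows checked and the function names are assumptions.

```python
import string

MIN_LENGTH = 8  # minimum length the article reports for Hallow and Recovery Record
MAX_RUN = 4     # assumed threshold: a run this long counts as "sequential"

# Ordered character tracks used to spot sequential input (assumed set).
SEQUENCES = (string.digits, string.ascii_lowercase,
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_repetitive(pw: str) -> bool:
    """True if pw is one unit repeated end to end, e.g. '1111111' or 'abababab'."""
    n = len(pw)
    for unit in range(1, n // 2 + 1):
        if n % unit == 0 and pw[:unit] * (n // unit) == pw:
            return True
    return False


def longest_sequential_run(pw: str) -> int:
    """Length of the longest ascending or descending run along any track."""
    low = pw.lower()
    tracks = [t for seq in SEQUENCES for t in (seq, seq[::-1])]
    best = 0
    for i in range(len(low)):
        j = i + 1
        # Grow the window while it is still a contiguous slice of some track.
        while j <= len(low) and any(low[i:j] in t for t in tracks):
            j += 1
        best = max(best, j - 1 - i)
    return best


def check_password(pw: str) -> list[str]:
    """Return the reasons pw is rejected; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if is_repetitive(pw):
        problems.append("repetitive")
    if longest_sequential_run(pw) >= MAX_RUN:
        problems.append("sequential")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "1" and "1111111" are the two quoted in the article.
    for sample in ["1", "1111111", "12345678", "abababab", "plum-Kettle-42"]:
        print(repr(sample), check_password(sample) or "ok")
```

Length alone would pass "12345678" and "abababab", which is why the repetition and sequence checks run independently of the length check.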