The Apple Watch still reigns supreme in the world of smart watches. You've got all your email, text, phone calls, music, podcasts, and more right there on your wrist (as long as you have an iPhone, of course). And it tracks lots of health data. There's heart rate, sleep tracking, steps, calories, blood oxygen levels, ECG, fall detection, and more. Apple has a pretty good track record of taking all this very personal data and keeping it safe, which we appreciate. But because “and more” can include menstrual cycle tracking, we took an even closer look at the Apple Watch’s privacy and security since Roe vs. Wade was overturned in the US in 2022 -- which allowed states to make access to abortion illegal. Still, Apple held up pretty well overall. They have a pretty good history of standing up to law enforcement requests for their users' data.
What could happen if something goes wrong?
Apple does a pretty good job with privacy and security as a company. But, like life, hackers find a way! So Apple has had some pretty serious security issues. In 2023, Apple released fixes for three different vulnerabilities that made it possible for bad actors to hack Apple devices. In 2022, they had a security flaw that could allow hackers to take complete control of iPhones, iPads, and Macs. Earlier that year, Apple also gave up data to hackers who forged emergency data requests from law enforcement. Eesh. Back in 2021, another bad security vulnerability could have allowed bad actors to record calls and messages and even turn the device camera and microphone on without the user knowing. Eesh. The good thing with Apple and security is, they seem to take these security breaches seriously, jump and fix them immediately, and communicate pretty well with users on what they need to do to stay safe. So keep those devices updated, folks!
On the privacy front, this device does track a whole bunch of biometric data including your heart rate, blood oxygen levels, menstrual cycle, hearing, breathing, and your heart's electrical signals. That's a lot of personal information gathered in one place. A reminder that sharing a lot of your intimate personal data always carries some risk. Like when, back in 2021, the health data for over 61 million fitness tracker users, including both Fitbit and Apple, was exposed when a third party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Apple and other fitness tracker users was left exposed because the company didn't password protect or encrypt their database. This is a great reminder that yes, while Apple might do a good job with their own security, anytime you sync or share that data with anyone else, it could be vulnerable. I don't know about you, but I don't need the world to know my weight and where I live. That’s really dang creepy.
And given Apple Health data can be synced with lots of third-party apps and companies, well, don't do that. The more you share this data, the more likely it can be that it will be vulnerable. Limit that sharing as much as you can!
The risk of your health data being exposed is especially concerning if it could be used against you in a court of law, like in some US states where abortion is illegal. But Apple does do a pretty good job with privacy, so that's good when it comes to using the Apple Health app for period and reproductive health tracking. And if users take the steps Apple recommends to protect this data, it should be fairly safe out there on the Cloud. Apple says, "When your phone is locked with a passcode, Touch ID, or Face ID, all your health and fitness data in the Health app — other than your Medical ID — is encrypted. Any Health data backed up to iCloud is encrypted both in transit and on our servers. And if you use a recent version of watchOS and iOS and turn on two-factor authentication and a passcode, your health and activity data will be backed up in a way that Apple can’t read." So lock those phones down, set up two-factor authentication, disable iCloud sharing of Apple Health data, and don't share any of those passcodes with anyone, ever.
Finally, Apple does have a pretty general statement about how they might share data with law enforcement in their privacy policy, which is kinda a bummer. They say, "We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate." Fortunately, Apple does have a pretty good track record at pushing back against law enforcement requests for data.
What’s the worst that could happen? Well, while using an Apple Watch and Apple Health to track your period might be safer than other options, it's good to remember that it's still far from perfect. You should take all the precautions possible to protect your data and only share what you'd feel safe being on the internet since nothing is 100% secure.
Tips to protect yourself
- Follow Apple's advice on how to secure Health data.
- Restrict the amount of personal information like heart rate data is shared by going to the Apple Watch app on your iPhone under Privacy > Health
- Be very careful what third party companies you consent to share you health data with. If you do decided to share your health data with another company, read their privacy policy to see how they protect, secure, and share or sell your data.
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- If you no longer use your Apple Watch or give it to someone else, consider erasing your data. Open the Settings app on your Apple Watch. Go to General > Reset, tap Erase All Content and Settings, then enter your passcode.
Can it snoop on me?
Camera
Device: No
App: Yes
Microphone
Device: Yes
App: Yes
Tracks location
Device: Yes
App: Yes
What can be used to sign up?
Yes
Phone
No
Third-party account
No
An Apple ID is required to sign up.
What data does the company collect?
Personal
Your Apple ID and related account details, including email address, devices registered, account status, and age, data from which your device could be identified, such as device serial number, or about your device, such as browser type, data such as name, email address, physical address, phone number, or other contact information, data about your billing address and method of payment, such as bank details, credit, debit, or other payment card information, data about purchases of Apple products and services or transactions facilitated by Apple, including purchases on Apple platforms, data used to help identify and prevent fraud, including a device trust score, data about your activity on and use of Apple's offerings, such as app launches within Apple services, including browsing history; search history; product interaction; crash data, performance and other diagnostic data; and other usage data, precise location only to support services such as Find My or where you agree for region-specific services, and coarse location, details including salary, income, and assets information where collected, and information related to Apple-branded financial offerings, government ID Data (In certain jurisdictions, we may ask for a government-issued ID in limited circumstances, including when setting up a wireless account and activating your device, for the purpose of extending commercial credit, managing reservations, or as required by law);
Body related
"Health Information. Data relating to the health status of an individual, including data related to one’s physical or mental health or condition. Personal health data also includes data that can be used to make inferences about or detect the health status of an individual. If you participate in a study using an Apple Health Research Study app, the policy governing the privacy of your personal data is described in the Apple Health Study Apps Privacy Policy. Fitness Information. Details relating to your fitness and exercise information where you choose to share them"
Social
Details such as the content of your communications with Apple, including interactions with customer support and contacts through social media channels.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
In July 2023, Apple and Amazon were fined by Spain antitrust watchdog.
In January 2023, Apple was fined €8M in French privacy case.
In 2022, Apple identified and patched serious security vulnerabiiliites, one that could allow hackers take full control of iOS devices.
In 2022, Apple allegedly gave user data to hackers who faked being law enforcement and forged requests for information.
In 2021, Apple had a recent serious spyware security vulnerability called Pegaus that infected iPhones and other Apple devices.
In 2021, a major data leak was reported of 61 million fitness tracker data records, including Apple's Healthkit data, by the third party company GetHealth. In September 2021, a group of security researchers discovered GetHealth had an unsecured database containing over 61 million records related to wearable technology and fitness services. GetHealth accessed health data belonging to wearable device users around the world and leaked it in an non-password protected, unencrypted database. The list contained names, birthdates, weight, height, gender, and geographical location, as well as other medical data, such as blood pressure.
Child Privacy Information
Can this product be used offline?
User-friendly privacy information?
Apple's privacy policies aren't exactly easy to read, but they are better than most.
Links to privacy information
Does this product meet our Minimum Security Standards?
Encryption
Uses encryption both in transit and at rest.
Strong password
Security updates
Manages vulnerabilities
Apple has a bug bounty program.
Privacy policy
Some of Apple's AI research can be found at https://machinelearning.apple.com/.
Is this AI untrustworthy?
What kind of decisions does the AI make about you or for you?
Is the company transparent about how the AI works?
Does the user have control over the AI features?
Dive Deeper
-
Amazon and Apple fined $218 million by Spain antitrust watchdogCNN Business
-
Apple fined €8M in French privacy casePolitico
-
Apple says it prioritizes privacy. Experts say gaps remainThe Guardian
-
Apple’s Privacy Mythology Doesn’t Match RealityWired
-
Apple’s Illusion of Privacy Is Getting Harder to SellThe New York Times
-
61M Fitbit, Apple Users Had Data Exposed in Wearable Device Data BreachHealth IT Security
-
Apple warns of security flaws in iPhones, iPads and MacsNPR
-
Apple and Meta Gave User Data to Hackers Who Used Forged Legal RequestsBloomberg
-
Security News This Week: Fake Cops Scammed Apple and Meta to Get User DataWired
-
Apple Issues Emergency Security Updates to Close a Spyware FlawThe New York Times
-
Improving Siri’s privacy protectionsApple
-
Apple resumes human reviews of Siri audioAssociated Press
-
Apple apologises for allowing workers to listen to Siri recordingsThe Guardian
-
Apple’s AI plan: a thousand small conveniencesThe Verge
-
Apple vs. Feds: Is iPhone Privacy a Basic Human Right?Harvard Business School Working Knowledge
-
How can US law enforcement agencies access your data? Let’s count the waysThe Guardian
-
How to ensure Apple Health cycle tracking data stays privateAppleInsider
-
Should You Worry About Data From Your Period-Tracking App Being Used Against You?Kaiser Health News
-
Period tracking apps could see their data legally protected; how to secure yours9to5Mac
Comments
Got a comment? Let us hear it.