``Users are worried, but we are confused'': Exploring the Privacy, Security, and Safety Perspectives and Practices of FemHealth App Product Team Members
Authors: Chenkai Ma (King's College London), Shijing He (King's College London), Ina Kaleva (King's College London), Alisa Frik (International Computer Science Institute), Jose Such (INGENIO (CSIC-Universitat Politècnica de València)), Ruba Abu-Salma (King's College London)
Volume: 2026
Issue: 4
Pages: 852–868
DOI: https://doi.org/10.56553/popets-2026-0148
Abstract: FemHealth apps (e.g., period, fertility, and pregnancy trackers) collect highly sensitive sexual and reproductive health data and have become a focal point for privacy, security, and safety (PSS) concerns, particularly amid changes in reproductive health regulations in the US and growing public scrutiny. While prior work has identified shortcomings in the PSS protections implemented by FemHealth apps, far less is known about how the product teams developing these apps conceptualize and operationalize PSS in practice. We conducted semi-structured interviews with 14 FemHealth app product team members who represented 11 unique apps and held diverse roles, including software engineering and architecture, security and privacy, product management, policy and legal compliance, and UX/UI research and design. We found that data collection decisions are often driven by feature-specific objectives, such as improving prediction accuracy and enabling reliable backups, rather than by explicitly articulated PSS requirements. Teams also frequently rely on legal compliance frameworks and PSS practices designed for general-purpose apps, while expressing confidence that these measures provide adequate protection. In addition, we identified four persistent challenges faced by FemHealth app product teams: disagreement over whether FemHealth apps require distinct PSS protections compared to non-FemHealth apps; difficulty establishing and maintaining user trust; uncertainty arising from cross-border enforcement related to abortion; and technical limitations associated with backups, end-to-end encryption, and coercive local access to data. Based on these findings, we derive a set of requirements and provide actionable technical and policy recommendations to inform the design, engineering, and governance of PSS in FemHealth apps.
Keywords: Mobile health (mHealth) apps, FemTech, privacy engineering, software development
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.