One thing I really envy Android users on is their access to alternate app stores, like F-Droid and Aurora. My partner approached me earlier this week and asked if I’d be willing to go on a diet with her as a show of solidarity. Not the same diet, just a diet. As I stepped on the scale to begin, I begrudgingly admitted that she was on to something and I’ve put on more weight than I realized. Ever the one to look for a silver lining though, I figured this might be a good time to dig through some of the most popular diet-tracking apps in the iOS app store and see which one was the least offensive. So this week, I’m sharing that with you.
I chose my apps based on a combination of “top” lists found on DuckDuckGo and which apps popped up first when I searched in the app store. I am rating them based on their privacy policies, specifically “information we collect.” I have organized them by alphabetical order. I also only highlighted things that stuck out to me specifically. I’m not really surprised with stuff like “cookies, things you willingly add to your profile, and IP address.” That’s all pretty standard. I was looking for anything out of the ordinary or alarming.
Information collected: “first name, email address, encrypted password, personal profile (your age, sex, height, start weight, goal weight, activity levels and any other boxes you tick during sign up), Photo (if you upload this to the forum or Live Club weigh-in on the website), IP address, Mobile device ID, Your browsing behaviour (when using the Nutracheck App and website).” Uses Google Analytics. Shares information with Google and Facebook to advertise “as you browse around the internet.”
The alarming parts to me here were the fact that they shared with Google and Facebook so they could advertise to you off-site. No thanks. Other than that, pretty standard stuff although I did notice that a lot of sites require information like gender and age. I guess that’s medically relevant, but it still makes me a bit uneasy. Also what does “encrypted password” mean? Do they actually store my encrypted password, or are they dumbing down “hashed” for readers? Cause frankly, storing my actual password – even encrypted – is unacceptable.
Information collected: “age, gender, postal code, current and goal weight.” “IP, ISP, browser type, OS, language, profile information, profile info, food and exercise,” and “general use.” “integration with other services such as Apple’s HealthKit…other services such as Apple’s HealthKit API’s and Google’s Fit APIs (all together “Health Data Services”). FatSecret will not use or disclose health data gained through Health Data Services to third parties for advertising, marketing or other use-based data mining purposes other than improving health or for the purpose of health research.”
I found a few things in particular problematic here. Let’s go in order. First, “postal code.” I realize that an IP address is as good as a physical address, but why go out of your way to collect that? Next, “ISP, browser type,” and “OS.” Again, I realize that knowing my IP address is enough to correlate who my ISP is, but why go out of your way? I also know that browser type is helpful to know to make sure your site is working correctly with that browser, but why OS? And also, with the rise of CSS, I feel like “browser compatibility” isn’t really a thing as much as it used to be (but I could be wrong, I'm clearly not a web developer). “Integration with other services” combined with “FatSecret will not use that data...” means that not only will they submit the data to your HealthKit, but they’ll collect data from it, too. Finally, “for the purpose of health research.” Um, no thanks. Please don’t take my health data and then share it.
Information Collected: “We may also use and allow third parties to track your browsing history profile.” “Personal Diet Data”, including, birthdate, height and weight, sex, and specific details of the foods and drinks that you consume and your exercise, and genetic results. Test results generated from a user’s genetic data. Email address and Lose It! Password. IP addresses, browser type and your operating system. Pages visited on the Websites referring and exit pages, and the dates and times of the visits. Financial information, such as your credit/debit card number or other billing information for purchases and product upgrades. Any additional information relating to you and your use of the Websites, Apps or Lose It! Services that you provide to us directly through the Websites, Apps or Lose It! Services. Location data and other information about devices used to access and interact with the Websites or App. Information that you make publicly available or publicly post using tools made available on the Websites or via the App. Information you may provide in user-to-user messages. Information collected from promotions with third party companies.”
So once again, nothing terribly bad here except that they specifically cover genetic data. If I get a genetic test, they collect the results (I assume the test has to be done through them or with one of the parties they work with). No thanks. They also collect browser type and OS, yet again. And location data, why? Why do dieting apps want to know my location? What, are you gonna send me a push notification? “We noticed you just entered a Wendy’s. Don’t do it, bro!” C’mon.
Information collected: None
So this app claims that they don’t collect ANY information and furthermore that all information you enter stays on your device and never gets transmitted. But I was a little put off by the fact that there’s no HTTPS on their website. It’s 2020. There’s no excuse for that. Also, personal opinion territory here, I noticed that in the app store the developer has another app called Donald J Trump, which seems to be just a hub for all his social media posts or something like that. I don’t know, I didn’t pay for it. Personally, I don’t support Trump, and since the Nutrients app is paid, I wanted to do a little digging and make sure that I’m okay giving my money to an organization that obviously does support him. Once I started digging on that front, I quickly noticed that there is zero mention of the Donald J Trump app on their website, which to me is kind of questionable. At the time of my research this week, the app had been updated less than two months ago, so clearly this isn’t something they just put out once and have since abandoned. This is an app they actively maintain. Why aren’t they owning up to it? Personally, I found that alone shady enough to not want to give over my money. I don’t mind if a company wants to publicly endorse a candidate, but the fact that they weren’t being fully forthcoming with it in a situation where they should’ve (in this case, not listing the app on their site alongside all the others), that personally didn’t sit right with me.
Information collected: ? But it is collected through third party or “publicly available” sources.
Information collected: ?
This service was equally as opaque as MyFitnessPal. The only saving difference was this service didn’t claim to collect additional information from outside the app, and they also claim they never share it. Personally I find a blanket “we never share your info” claim to be suspect – especially if they do admit to collecting information – because I fully expect any remotely not-shady organization to share my information with law enforcement with a warrant. So to just flat out say “we never share your information ever” already means that at best you’re telling a half-truth.
Information collected: “device registration data (for example, the type of mobile device you use, your mobile device’s unique device or advertising ID, IP address, operating system and browser type), device settings (for example, your language preference), mobile carrier, information about how you use the Services (for example, how many times you use the Services each day), requested and referring URLs, location data collected through your device (including, for example, precise location data such as GPS and WiFi information), information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.”
So this is another one that’s not AWFUL but still not great. Let’s pick apart the more alarming parts. First, “OS and Browser, as well as mobile carrier.” Why? Does whether I use AT&T or Sprint or Verizon really affect how the app experience is for me as a user? “Requested and referring URLs,” so I admittedly am not an expert on this stuff and I have to do more learning in this area, but from what I understand this means that they can track where I came from and go to on the internet before and after their site. Why? “Location data, including GPS and WiFi information.” So in addition to my usual “why do you need my location” rant, this also suggests (or at least doesn’t rule out the possibility) that they might collect additional information about my WiFi network specifically, like SSID (aka “wifi name”), router info, and possibly even WiFi password and other devices on the network. Seems a bit unnecessary just to tell me I’m fat. Finally, “Traffic data, web logs, and other communication data.” Man that’s broad. Are you gonna access my browser history? What other traffic goes over the network? My text messages? This one is way overreaching.
So what did I ultimately decide to go with? A spreadsheet made with LibreOffice. It’s not sexy. It doesn’t give me pie charts or histograms (I know, it could if I wanted to). It doesn’t automatically tabulate my weekly total. It doesn’t have a cute animal encouraging me or recommending tips to keep on track. That’s fine. I took it upon myself to go out and do research and use online calculators to see what my daily calorie intake is based on my goals and my body. I decided what metrics were important to me, then I went and found the daily recommendations. In fact, I got a few premium features that way. For example, one app I used in the past (which is on this list) charged extra to set goals (instead of simply counting) and to monitor my sodium and sugar. I have all those things now, plus more. It’s a little more work. I can’t just scan a barcode. But that’s okay. It works for me, and it forces me to be conscious and put in the work myself.
You can find more recommended services and programs at TheNewOil.xyz. You can also get daily privacy news updates at @email@example.com or support my work on Liberapay.