Skip Navigation
Illinois Attorney General Kwame Raoul
Home | Careers | Press Room | Opinions | Español | Other Languages | Contact Us

November 22, 2022


Letter to Apple CEO Highlights Security Gaps in Apps Hosted by Apple

Chicago  — Attorney General Kwame Raoul, as part of a coalition of 10 attorneys general, is expressing concerns about reproductive health privacy on Apple’s App Store following the U.S. Supreme Court’s decision overturning Roe v. Wade. Raoul and the attorneys general urged Apple to take practical steps to protect consumers’ private reproductive health information.

In a letter sent to Apple CEO Tim Cook, Raoul and the coalition called on Apple to protect the personal information of individuals seeking or providing abortion care by implementing privacy-enhancing measures to safeguard data collected by apps hosted on Apple’s App Store.

“As a result of the Supreme Court’s ruling overturning Roe v. Wade, millions of Americans now must search for alternative methods of managing their reproductive health or seeking abortion services,” Raoul said. “Women have a right to seek reproductive health care online without worrying that their data might be used against them. I urge Apple to take these commonsense steps to protect women’s private, reproductive health information.”

While Apple has adopted privacy and security measures that are consistent with its stated goals of protecting consumers’ privacy, apps hosted in its store may not meet the same standards or implement appropriate protections for this sensitive data. According to the coalition, this gap in Apple’s protections threatens the privacy and safety of App Store consumers and runs directly counter to Apple’s publicly expressed commitment to protect user data.

The letter cites the demonstrated risk that location history, search history and adjacent health data pose to individuals seeking or providing abortions or other reproductive health care. Raoul and the coalition urge Apple to require app developers to either certify to Apple or affirmatively represent in their privacy policies that they will take the following security measures:

  • Delete data not essential for the use of the application, including location history, search history, and any other related data of consumers who may be seeking, accessing or helping to provide reproductive health care.
  • Provide clear and conspicuous notices regarding the potential for app store applications to disclose user data related to reproductive health care, and require that applications disclose this information only when required by a valid subpoena, search warrant or court order.
  • Require app store applications that collect consumers’ reproductive health data or that sync with user health data stored on Apple devices to implement at least the same privacy and security standards as Apple with regard to that data.

Raoul and the attorneys general explain that deleting data related to reproductive health care is the first line of defense to protect consumers who, often unknowingly, leave digital trails of their efforts to obtain or provide reproductive health care. The letter also notes that data retention and sharing is often obscured by vague and unclear privacy policies — making it impossible for consumers to make informed decisions about who to trust with their sensitive information. It is critical for Apple to ensure that apps provide clear and conspicuous notices regarding third-party access to reproductive health data, the letter explains.

At a minimum, Apple should require apps on the app store to meet certain threshold security requirements, such as encryption of biometric and other sensitive health data stored on applications, use of end-to-end encryption when transmitting this data, and compliance with Apple’s user opt-out controls. Compliance with these measures should be represented in the privacy policies of app store apps.

The letter also urges Apple to implement a clear process to audit third-party apps’ compliance with Apple’s privacy and security standards. The letter calls on Apple to conduct periodic audits and remove or refuse to list third-party apps in violation of these standards.

Raoul is joined in signing the letter by the attorneys general of California, Connecticut, the District of Columbia, Massachusetts, North Carolina, New Jersey, Oregon, Vermont and Washington.

Return to Novemer 2022 Press Releases

go to top of page

© 2020 Illinois Attorney General HomePrivacy Policy Contact Us