Enhancing Privacy in Cloud-Based Menstrual  Tracking Apps: A Comparative Study and Zero  Trust Approach | IJCT Volume 12 – Issue 5 | IJCT-V12I5P66

The rapid digitalization of healthcare has encouraged millions of women to adopt menstrual tracking applications for monitoring reproductive health, predicting cycles, and recording sensitive data. However, as these apps increasingly migrate toward cloud-based infrastructures, concerns regarding data privacy, unauthorized access, and information misuse have intensified. This study investigates the privacy mechanisms of leading menstrual tracking apps—both cloud-dependent and locally stored—to identify existing vulnerabilities and evaluate how the Zero Trust Architecture (ZTA) can strengthen user data protection. A comparative analysis was conducted on selected applications using factors such as permission sensitivity, data storage practices, and security policies. The results demonstrate that while many apps comply with basic security measures, most lack consistent encryption and user-centric access control. This paper proposes a Zero Trust model tailored for menstrual tracking ecosystems, aiming to ensure continuous verification, minimal trust boundaries, and enhanced privacy without compromising usability.

Although the study contributes valuable insights into privacy and cloud dependency of menstrual tracking applications, it is not without limitations. Firstly, the research was limited to 14 Android- based applications due to time and accessibility constraints. This restricts the generalizability of the results to the entire ecosystem of menstrual or health-tracking apps, especially those exclusive to iOS or other platforms. Secondly, the study relied on publicly available app information, such as privacy policies and Play Store metadata. Since the internal architecture, backend APIs, and real-time data transmission could not be directly observed, some privacy or security mechanisms might remain undisclosed. Therefore, the analysis reflects a surface-level audit rather than a full security penetration assessment. Another limitation is the absence of direct user feedback or survey-based validation. User perception and actual privacy awareness could significantly affect how security mechanisms are understood and valued. Moreover, the proposed Zero Trust Mitigation framework was conceptual rather than implemented, meaning its effectiveness in reducing real-world data exposure was not empirically tested in a deployed environment. Lastly, given the dynamic nature of app updates and policy changes, the study’s results represent a snapshot in time. Future versions of the same applications might alter permission sets, privacy terms, or storage mechanisms, thereby changing their risk profiles. Despite these constraints, the research successfully establishes a baseline for further applied work on privacy enhancement in cloud-based menstrual tracking systems

[1]W. Alasmary and F. Alhaidari, “A Systematic Review of Security and Privacy Issues in Mobile Health Applications,” Journal of Healthcare Informatics Research, vol. 6, no. 1, pp. 45–67, 2022. [2]A. Bada and M. A. Sasse, “User Privacy Concerns in Health and Fitness Apps: A Review of Permissions and Practices,” Computers & Security, vol. 110, p. 102427, 2021. [3]Cloud Security Alliance (CSA), Zero Trust Architecture: Principles and Implementation, 2021. [Online]. [4] European Union GDPR Portal, General Data Protection Regulation (GDPR) Compliance Guidelines, 2018. [5]Google Developers, Android App Permissions and Data Safety Overview, 2024. [6]Health IT Security, Zero Trust in Healthcare: Redefining Access and Security in Digital Health, 2023. [7]HIPAA Journal, Challenges of Protecting Personal Health Data in Mobile Applications, 2023. [8]P. Kaur and J. Singh, “A Review on Cloud Security Challenges and Zero Trust Architecture for Healthcare Data,” International Journal of Cloud Applications and Computing, vol. 12, no. 3, pp. 1–15, 2022. [9]R. Kumar and A. Sharma, “Data Privacy in Menstrual Tracking Apps: Risks, Regulations, and Remedies,” IEEE Access, vol. 11, pp. 11220–11234, 2023. [10]Microsoft, Zero Trust Security Model – Implementation Guide, 2024. [11]NIST Special Publication 800-207, Zero Trust Architecture, National Institute of Standards and Technology, U.S. Department of Commerce, 2020. [12]H. Park and M. Choi, “A Comparative Analysis of Cloud vs. Local Storage Models in Mobile Health Applications,” Health Informatics Journal, vol. 28, no. 3, pp. 1463–1478, 2022. [13]Privacy International, How Period Tracker Apps Handle Sensitive Health Data, 2023. [14]T. Smith and Y. Zhao, “Exploring User Trust and Data Protection in Digital Health Apps,” ACM Transactions on Privacy and Security, vol. 24, no. 4, pp. 1–18, 2021.

Call for Paper (Hub) Fast Paper Publication IJCT Indexing & Databases Submit Manuscript Call for Paper: Sep–Oct 2025 Call for Paper: Publish Research