Does open source mean the app is free to use

Open source refers to code availability, not price. An open-source app can be free or paid. The two are independent. Floriva, for example, is a paid app, open source code would mean its privacy claims are verifiable, while the subscription funds development without relying on data monetization.

What is the reproducible builds problem

Publishing open source code does not guarantee that the app distributed through app stores matches that code. A developer could open-source one version of the app while distributing a different version. Reproducible builds address this by making it possible to compile the source code and verify that the resulting binary is identical to the published app. Only a small number of apps implement this.

Are closed-source period trackers necessarily untrustworthy

Not necessarily. Some closed-source apps have strong privacy practices and third-party audited security. However, their privacy claims require trust in developer statements because independent verification is not possible. For users whose threat model requires verified privacy rather than promised privacy, open source with reproducible builds is the stronger option.

guides

What Does Open Source Mean for a Period Tracker App

Open source period trackers let anyone inspect the code and verify privacy claims. What open source means, its limits, and how to evaluate one.

Why Open Source Matters for Privacy Claims Every period tracker app makes privacy claims. Most do so in a privacy policy, a legal document that is difficult to verify and changes over time. Open source code is a different kind of claim. Instead of "we promise not to share your data," it is "here is the exact code running on your device, inspect it yourself." For users who want verified privacy rather than promised privacy, this distinction is significant. The FTC enforcement action against Flo in 2021 and the $59.5M class action settlement demonstrate that privacy policies are not self enforcing. Open source code, particularly when combined with independent security audits, provides a verification mechanism that legal text does not. What Open Source Enables When period tracker code is publicly available: Security researchers can review it and publish findings. A researcher who discovers that the app is transmitting data to an undisclosed server can document and publicize that finding, creating accountability that closed source apps do not face. Privacy advocates can verify whether stated data practices match implementation. If the privacy policy says no data leaves your device, the