Facebook has been covertly collecting deeply personal information from a number of popular apps, often without users' knowledge.

At least 11 popular apps have been sending the data to Facebook, including period-tracking app Flo Period & Ovulation Tracker, real estate app Realtor, and Instant Heart Rate: HR Monitor, a Wall Street Journal investigation found.

The apps collected highly sensitive data, which ranged from things like users' average weight and height to their blood pressure, ovulation cycles and pregnancy status.

In some cases, the 'highly sensitive information' is sent to Facebook mere seconds after it's entered into the app - even if the user doesn't have an account on the social media network, according to the Journal.

Facebook can collect the data as a result of its Software Development Kit (SDK), a set of open source software tools that can be used by developers to create apps.

Apps use Facebook's SDK to build their software and, in exchange, Facebook often gets access to data those apps collect, for the purpose of targeting ads.

Scroll down for video

Facebook has been covertly collecting deeply personal information from a number of popular apps, often without users' knowledge. At least 11 popular apps were transmitting the data

WHAT APPS ARE SHARING YOUR DATA WITH FACEBOOK? A bombshell investigation by the Wall Street Journal tested a total of 70 apps and found that 11 were sharing data with Facebook, largely without users' knowledge. In some cases, this includes 'highly sensitive information,' and none provided a way for users to stop the data from being shared. Apps named by the Journal include: Instant Heart Rate: HR Monitor: Sent information such as heart rate to Facebook, and in at least one case, 'immediately after it was recorded.' Flo Period & Ovulation Tracker: Informed Facebook when user was having her period or had indicated an intention to get pregnant Realtor.com: Sent location and price of listings that a user viewed and even made note of which were favorited Breethe Inc: Shared users' email addresses and the name of the meditations they'd completed BetterMe: Shared users weights and heights as soon as they were entered The report, which only disclosed the names of a handful of the flagged apps, also notes that the list includes 'at least six of the top 15 health and fitness apps in the US App Store' as of Feb 22. Advertisement

It marks the latest in a litany of recent privacy scandals for Facebook, which have cratered its two billion-plus users' trust in the site and raised questions over the need for regulators to rein in the social media giant.

The Wall Street Journal tested more than 70 apps and found that at least 11 apps sent highly sensitive information to Facebook.

The apps often fail to alert users that the data is being shared with Facebook.

While users can control how apps collect data from their device, such as location, contacts or cookies, they have no way of stopping them from sharing sensitive data recorded in the apps with third parties such as Facebook.

For the investigation, the Journal used software to monitor the internet communications transmitted by the app and worked with a privacy software company, Disconnect, to test some of the apps.

They found that at least six of the top 15 health and fitness apps shared personal information with Facebook.

'This is a big mess,' Patrick Jackson, chief technology officer at Disconnect, told the Journal.

'This is completely independent of the functionality of the app.'

Among the cases it found, Instant Heart Rate: HR Monitor transmitted a user's heart rate to Facebook within seconds of it being recorded, while Flo told Facebook when a user was ovulating or hoped to get pregnant.

Additionally, the Realtor.com app told Facebook the location and price of home listings viewed by users.

The Android version of 'Better Me: Weight Loss Workouts' was sending users' weights and heights to Facebook, the Journal said.

Instant Heart Rate Monitor: HR (left), Flo Period & Ovulation Tracker (center) and Realtor.com (right) were all found to be transmitting highly sensitive user data to Facebook

Facebook denies that it's using the sensitive data from the apps for targeting purposes.

The firm also said its business terms prohibit app developers from sending 'health, financial information or other categories of sensitive information,' according to the Journal.

'We require app developers to be clear with their users about the information they are sharing with us,' a Facebook spokesperson told the Journal.

However, loopholes in Facebook's SDK may make it possible for apps to share sensitive data with the network.

Facebook's SDK includes a feature called 'app events' that enables developers to track user activity in the app, often for the purpose of improving the user experience or learning more about its audience.

Data collected from 'app events' are then sent to Facebook and developers can create 'custom app events' that include sensitive data.

Facebook says it automatically deletes sensitive data received from developers and doesn't use data from custom events for targeting purposes.

However, Facebook's website states that it uses customer data collected by its SDK for ad targeting, as well as 'to improve other experiences on Facebook, including News Feed' and search results, according to the Journal.

The Facebook spokesperson told the Journal that it plans to create more safeguards around how sensitive data sent from apps is stored.

But the practice has still alarmed privacy experts and many have raised the possibility that Facebook could be in violation of GDPR - something Facebook denies.

It's not yet clear whether Apple or Google will take action against developers collecting sensitive user data in their apps.

Since the Journal report was published, New York Governor Andrew Cuomo ordered two state agencies to investigate its findings and called the data-sharing an 'outrageous abuse of privacy.'