Research from British advocacy organisation, Privacy International (PI), has found that a number of popular period tracker apps are likely to be sharing highly personal user data with Facebook, and subsequently other third parties.

Period tracker apps are used by hundreds of millions of women globally to track and predict both their periods and fertility cycle.

For the apps to work, women are required to enter detailed information about their menstrual cycle and sexual activity. This can include information such as the use of contraception, period symptoms, weight, sleep patterns or even the type of sanitary products they use.

Of the 36 apps examined during the study, nearly two-thirds (61%) were found to automatically transfer data to Facebook as soon as the user opens the app – regardless of whether the user had a Facebook account or if they were logged into the site.

The data was shared via Facebook’s software development kit (SDK), a tool that can be used by apps to earn money from passing on the gathered data to advertisers who in turn present users with personalised adverts.

Recommended

“We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if people were logged out of Facebook or didn’t have an account,” PI said.

The study found that the top apps such as Period Tracker by Leap Fitness Group, Period Track Flo by Flo Health, Period Tracker by Simple Design Ltd, and Clue Period Tracker by Biowink did not share their users’ data.

However, other apps such as Maya by Plackal Tech (which has five million downloads on Google Play), MIA by Mobapp Development Limited (one million downloads) and My Period Tracker by Linchpin Health (more than one million downloads) did share data.

Since seeing the report, Plackal Tech told PI it had “removed both the Facebook core SDK and Analytics SDK from Maya.”

It did say it would continue to use Facebook Ad SDK with users who agreed to its terms and conditions and privacy policy, adding that no “personally identifiable data or medical data” is shared.

In a statement to the BBC, the company added: “All data accessed by Maya are essential to the proper functioning of the product. Predicting information pertaining to menstrual cycles is complex and dependent on thousands of variables.

“Our users are made aware of our Terms and Conditions and Privacy Policy prior to signing up on Maya. Post sign up, our users can export their data and delete their account whenever they choose to.

“The Ad SDK helps us earn revenue by displaying ads that our users can opt-out of by subscribing to Maya’s premium subscription.”

Facebook told the BBC: “Our terms of service prohibit developers from sending us sensitive health information and we enforce against them when we learn they are.

“In addition, ad targeting based on people’s interests does not leverage information gleaned from people’s activity across other apps or websites.”

Facebook has announced that it will launch a tool to enable users to stop apps and businesses sharing their data with the social network.

PI expressed “serious concerns” as to how such apps are compliant with GDPR, especially in relation to consent and transparency. It said Facebook’s new tool was “insufficient, as it will fail to protect app users who do not have a Facebook profile.”

“The responsibility should be on the companies to comply with their legal obligations and live up to the trust that users have placed in them when deciding to use their service,” PI concluded.

Like this: Like Loading...