How much exactly does Facebook know about us?
No one would argue the pervasiveness of the social network and its impact on our lives. But do we fully comprehend the amounts of personal, highly sensitive information that Facebook gets hold of?
How Does Facebook Collect Details about Our Intimate Lives
According to a brand new investigation carried out by Privacy International, Facebook is most likely aware of when we’re having sex. Thankfully, the reason is not because the social network is spying on its users but as a consequence of period-tracking apps, also known as menstruation apps.
Menstruation apps are not just concerned with your menstruation cycles, Privacy International argues. These apps also collect information about its users’ health, sexual life, mood, all in exchange for informing them about the day of menstruation. The nature of the collected information is so personal that most women will not share it with others. Unfortunately, it turns out that these otherwise helpful apps are sharing this data with third parties, including Facebook.
How is the information sharing happening? Through Facebook’s SDK for Android which is utilized by app developers to integrate their products with Facebook’s platform. The SDK contains several core components such as analytics, ads, login, account kit, share, graph API, app events, and app links. The SDK also enables apps to integrate the Login with Facebook feature.
Maya by Plackal Tech, MIA by Mobapp Development Limited, My Period Tracker by Linchpin Health, Ovulation Calculator by Pinkbird, and Mi Calendario by Grupo Familia are some of the applications that the researchers analyzed.
Period Tracker by GP International LLC, in particular, did not appear to share any data with Facebook. The other apps, however, turned out to be a little more indiscreet, Privacy International said.
Maya by Plackal Tech and MIA by Mobapp Development Limited conducted – at the time of the research – what we believe to be extensive sharing of sensitive personal data with third parties, including Facebook.
The good news is that, after the researchers shared their report with Maya by Plackal Tech, the company removed both the Facebook core SDK and Analytics SDK from the application. The bad news is that the app, which has more than 5 million downloads on Google Play, still asks for a lot of personal information:
The problem is what you share won’t stay between you and Maya. Our traffic analysis reveals, first of all, that Maya informs Facebook when you open the app. There is already a lot of information Facebook can assume from that simple notification: that you are probably a woman, probably menstruating, possibly trying to have (or trying to avoid having) a baby.
The biggest privacy concern with this app is that “even though you are asked to agree to their privacy policy, Maya starts sharing data with Facebook before you get to agree to anything”. Information the app is collecting and sharing with Facebook includes highly sensitive medical data, including the use of contraception pills and mental condition.
What about GDPR?
The first question to be asked regarding GDPR is whether the app is based in the European Union or if it offers services to EU citizens.
It should be noted that Plackal Tech, the company behind the Maya app, is located in India.
However, it is serving EU users as it is available on the Google Play Store UK, which means that a UK user can download and use the app in the EU. Although they do not specifically mention use by EU users, the Terms and Privacy Policy of the app states that the app is available in India or in other jurisdictions (sic).
Finally, it is highly questionable whether this extensive data collection is strictly necessary for providing the service of a menstruation app. Also, this extensive data collection raises a series of questions regarding the compatibility of these apps with EU data protection law, Privacy International concluded.