Period-Tracking Apps Are Sharing Your Sex Life with Facebook
CYBER NEWS

Period-Tracking Apps Are Sharing Your Sex Life with Facebook

How much exactly does Facebook know about us?

No one would argue the pervasiveness of the social network and its impact on our lives. But do we fully comprehend the amounts of personal, highly sensitive information that Facebook gets hold of?



How Does Facebook Collect Details about Our Intimate Lives

According to a brand new investigation carried out by Privacy International, Facebook is most likely aware of when we’re having sex. Thankfully, the reason is not because the social network is spying on its users but as a consequence of period-tracking apps, also known as menstruation apps.

Menstruation apps are not just concerned with your menstruation cycles, Privacy International argues. These apps also collect information about its users’ health, sexual life, mood, all in exchange for informing them about the day of menstruation. The nature of the collected information is so personal that most women will not share it with others. Unfortunately, it turns out that these otherwise helpful apps are sharing this data with third parties, including Facebook.

Related: Facebook Admits It Gave Access to User Data to 61 Tech Companies

How is the information sharing happening? Through Facebook’s SDK for Android which is utilized by app developers to integrate their products with Facebook’s platform. The SDK contains several core components such as analytics, ads, login, account kit, share, graph API, app events, and app links. The SDK also enables apps to integrate the Login with Facebook feature.

Maya by Plackal Tech, MIA by Mobapp Development Limited, My Period Tracker by Linchpin Health, Ovulation Calculator by Pinkbird, and Mi Calendario by Grupo Familia are some of the applications that the researchers analyzed.

Period Tracker by GP International LLC, in particular, did not appear to share any data with Facebook. The other apps, however, turned out to be a little more indiscreet, Privacy International said.

Maya by Plackal Tech and MIA by Mobapp Development Limited conducted – at the time of the research – what we believe to be extensive sharing of sensitive personal data with third parties, including Facebook.

The good news is that, after the researchers shared their report with Maya by Plackal Tech, the company removed both the Facebook core SDK and Analytics SDK from the application. The bad news is that the app, which has more than 5 million downloads on Google Play, still asks for a lot of personal information:

The problem is what you share won’t stay between you and Maya. Our traffic analysis reveals, first of all, that Maya informs Facebook when you open the app. There is already a lot of information Facebook can assume from that simple notification: that you are probably a woman, probably menstruating, possibly trying to have (or trying to avoid having) a baby.

The biggest privacy concern with this app is that “even though you are asked to agree to their privacy policy, Maya starts sharing data with Facebook before you get to agree to anything”. Information the app is collecting and sharing with Facebook includes highly sensitive medical data, including the use of contraception pills and mental condition.

Related: 2 Third Party Apps Exposed Millions of Facebook Users Records

What about GDPR?

The first question to be asked regarding GDPR is whether the app is based in the European Union or if it offers services to EU citizens.




It should be noted that Plackal Tech, the company behind the Maya app, is located in India.

However, it is serving EU users as it is available on the Google Play Store UK, which means that a UK user can download and use the app in the EU. Although they do not specifically mention use by EU users, the Terms and Privacy Policy of the app states that the app is available in India or in other jurisdictions (sic).

Finally, it is highly questionable whether this extensive data collection is strictly necessary for providing the service of a menstruation app. Also, this extensive data collection raises a series of questions regarding the compatibility of these apps with EU data protection law, Privacy International concluded.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...