The intrusive activities of companies like Facebook are getting further and further. A group of information security experts has revealed that some menstrual period tracking mobile apps have shared multiple confidential details with the social media giant, including use of birth control methods, dates periods and some symptoms of users.
There are multiple menstrual monitoring
applications. These services provide users with information about their most
fertile days of the month or the approximate dates of their next period. For
obvious reasons, these apps store highly confidential user data, from a general
medical profile, sex life, mood swings and even eating habits and use of
personal hygiene products.
Starting with the publication of these reports,
one of the analyzed apps made a major update to their privacy policies trying
to mitigate the media impact of the incident.
According to information security experts, the
apps involved share this data with Facebook through the company’s software
development kit (SDK). This toolset is used by developers to generate profits
by reaching advertisers who, for their part, offer users personalized ads.
Among the most noteworthy applications are MIA,
developed by Mobapp Development Limited and My Period Tracker, of the company
Linchpin Health, together, these applications exceed two million downloads, in
addition to Maya, from Plackal Tech, which has 5 millions downloads on Google
Play. The most commonly used menstrual monitoring apps such as Period Tracker,
Period Track Flo and Clue Period Tracker were also analyzed, but no evidence
was found that they shared information with Facebook.
“Given the type of service these apps
provide, intimate details of millions of users worldwide (in this case, data
related to their sexual life and health) could go through Facebook and other
third-party companies without any consent, which is worrying”, information
security experts mention.
When questioned, Maya’s developers said they
had already removed the Facebook SDK, so this conduct had already been stopped.
However, the company confirmed that it would continue to use Facebook Ad SDK
for people who accepted their terms and conditions and privacy policy, ensuring
that “under no circumstances, do we share personal or medical data with
third parties. All data accessed by Maya is essential for optimal service
operation. The prediction of information related to menstrual cycles is complex
and depends on thousands of variables,” the company’s message added.
The rest of the companies listed in the study
have not commented on it.
On the other hand, Facebook released the
following statement: “Our terms of service prevent developers from sending
us confidential information, such as medical details. Facebook does not promote
this behavior in any way.”
Information security specialists from the
International Institute of Cyber Security (IICS) believe that this kind of research
is highly needed, as they are a constant reminder of the data protection
policies of the companies and possible violations of laws such as GDPR.
“When companies don’t meet the data protection standards set by the law,
they have to face the consequences,” the experts added.
