A number of popular period-tracking apps were discovered to be sharing sensitive user data with Facebook — even details on when a user last had sex.
Business Insider reports that a recent investigation by Privacy International discovered that various period-tracking apps that have millions of downloads have been sharing sensitive and detailed user data with Facebook and other third parties. Two of the biggest offending apps, Maya and MIA Fem, revealed to Facebook when their users last had sex.
Following the report from Privacy International, Maya told the group that it would be removing the Facebook Software Development Kit (SDK) that allowed the data sharing to take place. A Facebook spokesperson told Business Insider that the social media site's terms of service “prohibit developers from sending us sensitive health information and we enforce against them when we learn they are.”
The information shared with Facebook included users’ drinking habits, medical issues, and when they last had sex. Maya has over five million downloads while MIA Fem boasts one million, and both used the Facebook SDK to allow users to log in via Facebook and help the apps manage their data. Business Insider compiled a list of the data that both apps passed on, which can be seen below:
Here is the data that Maya passed on:
- If users reported symptoms such as cramps or breast tenderness.
- Whether they were on contraception, e.g. the pill.
- Moods, e.g. whether they were feeling “sexy” or “anxious.”
- When users last had sex, and whether they used protection.
Here is the data that MIA Fem passed on:
- Whether users were using the app as a regular period-tracker, or as a fertility-tracker because they were trying to get pregnant.
- The date of users’ last period and the duration of the cycle.
- Whether users have been drinking coffee and alcohol.
- What feminine hygiene products users were using.
- Medical symptoms, e.g. constipation and diarrhea.
Eva Blum-Dumontet, who led the investigation, told Business Insider that even people without Facebook accounts could see their information sent to Facebook. “Regardless of whether you’re a user or not Facebook gets this information, and it’s tied to your unique advertisement ID so it’s really tied to your identity,” Blum-Dumontet stated. “On some of the apps we’ve looked at it’s tied to your email address, so they can really trace you regardless of whether you have an account or not.”
A Facebook spokesperson told BuzzFeed that the company requires app developers to be clear with users about the data they’re gathering. The spokesperson stated: “We have systems in place to detect and delete certain types of data such as Social Security Numbers, passwords, and other personal data, such as email or phone number. We have begun looking at ways to improve our system and products to detect and filter out more types of potentially sensitive data.”
Another Facebook spokesperson told Business Insider: “Contrary to Buzzfeed’s reporting, our terms of service prohibit developers from sending us sensitive health information and we enforce against them when we learn they are. In addition, ad targeting based on people’s interests does not leverage information gleaned from people’s activity across other apps or websites.”