In December 2018, PI revealed some dubious practices among some of the popular app used globally. The investigation revealed that 61% of the apps automatically shared data to Facebook regardless of whether the user has an account with the social network or not, or whether the person was signed in or not. The study exposed the real intent of the apps. “Menstruation apps are not just concerned with your menstruation cycles. As our partner organisation Coding right showed in their research, they collect information about your health, your sexual life, your mood, and more,” the study said at the time.
The app will inform the user the time she’s most fertile or when next to expect her next menstrual flow. But already, they have shared that information with a third party, against their privacy policies.
PI revealed also that since the investigation, two third of the culprits in 2018 have updated their apps and reviewed.
The apps share the information with Facebook through the social network’s software development kit. These tools can be used for the purpose of running targeted ads.
Popular apps like Period Track Flo and Clue Period Tracker are not involved in the privacy violation. But other apps including Maya by Plackal Tech(with over 5 million downloads on Google Play), MIA by Mobapp Development Limited (with over 1 million downloads and My Period Tracker by Linchpin Health(with over 1 million downloads) all shared these sensitive data with Facebook, with the primary aim to help them make money by reaching advertisers who provide users with targeted audience or personalised ads.
“The wide reach of the apps that our research has looked at might mean that intimate details of the private lives of millions of users across the world are shared with Facebook and other third parties without those users’ free unambiguous and informed or explicit consent, in the case of sensitive personal data, such as data relating to a user’s health or sex life,” PI said.
When asked about privacy violation committed by the third-party apps, Facebook told the BBC that it’s against its policies for developers to send sensitive health information to its platform because there are consequences for culprits. “Ad targeted based on people’s interests does not leverage information gleaned from people’s activity across other apps or websites,” he added.
These finding raise serious privacy concerns as to how apps comply with the EU’s General Data Protection Regulation.
