The intrusive activities of companies like Facebook are getting further and further. A group of information security experts has revealed that some menstrual period tracking mobile apps have shared multiple confidential details with the social media giant, including use of birth control methods, dates periods and some symptoms of users.
There are multiple menstrual monitoring applications. These services provide users with information about their most fertile days of the month or the approximate dates of their next period. For obvious reasons, these apps store highly confidential user data, from a general medical profile, sex life, mood swings and even eating habits and use of personal hygiene products.
Starting with the publication of these reports, one of the analyzed apps made a major update to their privacy policies trying to mitigate the media impact of the incident.
According to information security experts, the apps involved share this data with Facebook through the company’s software development kit (SDK). This toolset is used by developers to generate profits by reaching advertisers who, for their part, offer users personalized ads.
Among the most noteworthy applications are MIA, developed by Mobapp Development Limited and My Period Tracker, of the company Linchpin Health, together, these applications exceed two million downloads, in addition to Maya, from Plackal Tech, which has 5 millions downloads on Google Play. The most commonly used menstrual monitoring apps such as Period Tracker, Period Track Flo and Clue Period Tracker were also analyzed, but no evidence was found that they shared information with Facebook.
“Given the type of service these apps provide, intimate details of millions of users worldwide (in this case, data related to their sexual life and health) could go through Facebook and other third-party companies without any consent, which is worrying”, information security experts mention.
The rest of the companies listed in the study have not commented on it.
On the other hand, Facebook released the following statement: “Our terms of service prevent developers from sending us confidential information, such as medical details. Facebook does not promote this behavior in any way.”
Information security specialists from the International Institute of Cyber Security (IICS) believe that this kind of research is highly needed, as they are a constant reminder of the data protection policies of the companies and possible violations of laws such as GDPR. “When companies don’t meet the data protection standards set by the law, they have to face the consequences,” the experts added.