The intrusive activities of companies like Facebook are getting further and further. A group of information security experts has revealed that some menstrual period tracking mobile apps have shared multiple confidential details with the social media giant, including use of birth control methods, dates periods and some symptoms of users.
There are multiple menstrual monitoring applications. These services provide users with information about their most fertile days of the month or the approximate dates of their next period. For obvious reasons, these apps store highly confidential user data, from a general medical profile, sex life, mood swings and even eating habits and use of personal hygiene products.
Starting with the publication of these reports, one of the analyzed apps made a major update to their privacy policies trying to mitigate the media impact of the incident.
According to information security experts, the apps involved share this data with Facebook through the company’s software development kit (SDK). This toolset is used by developers to generate profits by reaching advertisers who, for their part, offer users personalized ads.
Among the most noteworthy applications are MIA, developed by Mobapp Development Limited and My Period Tracker, of the company Linchpin Health, together, these applications exceed two million downloads, in addition to Maya, from Plackal Tech, which has 5 millions downloads on Google Play. The most commonly used menstrual monitoring apps such as Period Tracker, Period Track Flo and Clue Period Tracker were also analyzed, but no evidence was found that they shared information with Facebook.
“Given the type of service these apps provide, intimate details of millions of users worldwide (in this case, data related to their sexual life and health) could go through Facebook and other third-party companies without any consent, which is worrying”, information security experts mention.
When questioned, Maya’s developers said they had already removed the Facebook SDK, so this conduct had already been stopped. However, the company confirmed that it would continue to use Facebook Ad SDK for people who accepted their terms and conditions and privacy policy, ensuring that “under no circumstances, do we share personal or medical data with third parties. All data accessed by Maya is essential for optimal service operation. The prediction of information related to menstrual cycles is complex and depends on thousands of variables,” the company’s message added.
The rest of the companies listed in the study have not commented on it.
On the other hand, Facebook released the following statement: “Our terms of service prevent developers from sending us confidential information, such as medical details. Facebook does not promote this behavior in any way.”
Information security specialists from the International Institute of Cyber Security (IICS) believe that this kind of research is highly needed, as they are a constant reminder of the data protection policies of the companies and possible violations of laws such as GDPR. “When companies don’t meet the data protection standards set by the law, they have to face the consequences,” the experts added.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.