Period tracking apps have sprouted up all over the app stores. But those apps might not be as private as users think. An investigation from a UK-based research group Privacy International found that some apps are sharing users’ personal information including details about a user’s cycle and even the last time they had sex — with social media giant Facebook.
The report found that most popular apps including period trackers by Leap Fitness Group, Flo, Simple Design and Biowink’s Clue all passed the test and are not sharing with Facebook.
The report said that period trackers Maya and MIA are both sharing data with Facebook. The report zeroed in on Maya which has roughly 5 million downloads. Researchers found that the tracker was telling Facebook when users opened the app, their medical history, what contraception they were taking, and even mood.
“Confidentiality is at the heart of medical ethics and countries that have data protection laws traditionally have a separate regime for health data, which includes health data, which are considered sensitive data,” the nonprofit wrote in the report. “Thus, when Maya asks you to enter how you feel and offers suggestions of symptoms you might have — suggestions like blood pressure, swelling or acne — one would hope this data would be treated with extra care. But no, that information is shared with Facebook.”
The research group explains that it’s not uncommon for app developers to use Facebook’s SDK for Android, which lets them “integrate their apps with Facebook’s platform and contains a number of core components: Analytics, Ads, Login, Account Kit, Share, Graph API, App Events and App Links. For example, using Facebook's SDK allows apps to use a "Login with Facebook" based authentication, meaning users can log in using their Facebook account.”
MobiHealthNews has reached out to Maya for comment and will update the story accordingly.
WHY IT MATTERS
Privacy has been a long concern in the digital health world. As technology becomes a larger part of health stakeholders have discussed the dangers of sharing patient’s most personal information.
Investigators in the report point out that this personal data could help advertisers take advantage of people when they are vulnerable.
“There is a reason why advertisers are so interested in your mood; understanding when a person is in a vulnerable state of mind means you can strategically target them,” researchers wrote. “Knowing when a teenager is feeling low means an advertiser might try and sell them a food supplement that is supposed to make them feel strong and focused.”
THE LARGER TREND
It’s not just apps in the privacy spotlight. Big name tech giants have also come under the microscope. In June a lawsuit was filed against Google and the University of Chicago Medical Center for violating patients’ privacy following a data-sharing partnership that the two parties inked two years ago. However, at the time Google argued that it always followed the HIPAA rules.
“We believe our healthcare research could help save lives in the future, which is why we take privacy seriously and follow all relevant rules and regulations in our handling of health data. In particular, we take compliance with HIPAA seriously, including in the receipt and use of the limited data set provided by the University of Chicago,” a Google Spokesperson, wrote in an email to MobiHealthNews.
In the US, politicians have taken notice of these leaks. In June, senators Amy Klobuchar (D-Minn.) and Lisa Murkowski (R-Alaska) introduced legislation to strengthen privacy and security protections for consumers’ personal health data, specifically the data involved in DNA testing kits and health tracking apps.