Two popular period-tracking apps are believed to have shared their users’ personal information – including details about users’ sexual activities, menstrual cycles, methods of contraception, and mood variations – with Facebook.
According to research conducted by the UK-based advocacy group, Privacy International, and initially reported in Buzzfeed, popular period tracker apps Maya (by Plackal Tech) and MIA (by Mobapp Development), both of which have been downloaded millions of times, shared extensive amounts of sensitive user information with Facebook (and, potentially, other third parties) through the use of Facebook’s Software Development Kit (SDK), which, among other things, helps the social-media platform target users with relevant advertisements.
The two apps in question track a lot more than just periods – they prompt women to input all sorts of information about the when, what, and how of their sexual activities and contraception, as well as comments about their moods – and it appears that all of this data was shared with Facebook, potentially even for users who themselves do not use Facebook.
Of course, to Facebook such data could be quite valuable – consider how much it would be worth to companies that produce pregnancy tests and maternity items, for example, to be able to target Facebook ads to women who report being sexually active, not using contraception, and missing their last periods? Facebook has stated, however, that it is looking into whether the apps in question violated its terms of service by sharing such data.
Regardless of where all the dust settles, the present incident highlights the need for simpler, clearer explanations, by all companies involved in the app ecosystem, as to what data their apps share with others. It is common knowledge that few people actually read and understand the complex, long-winded “terms and conditions” that are shown to users as they install apps, and, as a result, few people understand the repercussions to their privacy of using apps that share data with third-parties via SDKs or the like.It is common knowledge that few people actually read and understand the complex, long-winded 'terms and conditions' that are shown to users as they install apps. ~ Joseph Steinberg Click To Tweet
The phenomenon of people clicking “Accept” without having a clue as to what they just accepted is not new – I have discussed it many times before – but, the current incident does, once again, underscore the need for substantial change. Regulators can, and should, step in – as can the social media platforms and the app store providers themselves.
How hard would it really be for apps that share data with Facebook, for example, to display a straightforward message such as “Warning: Any and all data that you enter into this app may be shared with Facebook and other third parties, who may correlate and combine it with other data about you, and who may target you with relevant advertisements. If you do not want Facebook or any other third parties to see any particular information do not enter it into this app.”
For users who want privacy, there are plenty of period-tracking programs from the pre-smartphone-era that store all of their data locally – and don’t even use the Internet. Of course, there are also paper planners.
In any event, Plackal Tech has already notified Privacy International that it has “hence removed both the Facebook core SDK and Analytics SDK from Maya.” Mobapp, on the other hand, did not wish that its response be published.