Members Only
lock close icon

Period App Data Breach: Details of Women’s Sexual Lives Leaked

A new report reveals that India-based period tracker apps share sensitive medical data with Facebook. 

Devina Buckshee
Fit
Updated:
A new report reveals that India-based period tracker apps share sensitive medical data with Facebook. 
i
A new report reveals that India-based period tracker apps share sensitive medical data with Facebook. 
(Photo: Arnica Kala/FIT)

advertisement

Every woman and menstruating person knows this - tracking your period is hard. So period tracker apps, that do the work for you and advise you on your cycle, contraception use, dealing with PMS and more, seem like a godsend.

It goes without saying that confidentiality should be paramount in sensitive medical data, but a new, damning report by UK-based advocacy group Privacy International has revealed that Bangalore-based period tracker app Maya and Cyprus-based MIA Fem have been sharing your data with Facebook.

This is especially dubious as it means that the app shared users’ personal medical, sexual and lifestyle data, everything about your fertility, period cycles, your contraception use, your PMS symptoms and history and more.

Speaking to FIT, Tripti Jain, an independent researcher and ex-counselor at Software Freedom Law Center, said,

“In India’s cultural fabric, questions about a woman’s sexual life, especially an unmarried woman’s, can have devastating effects if leaked.”
Screenshot from the Maya app(Photo courtesy: Maya app)

According to the report,

“When Maya asks you to enter how you feel and offers suggestions of symptoms you might have - suggestions like blood pressure, swelling or acne - one would hope this data would be treated with extra care. But no, that information is shared with Facebook.”

Apps like these, specifically geared to women’s health, are highly popular, and on the Google Play store Maya already has around five million downloads and 7 million in total, and MIA Fem says it has 2 million.

What Does This Mean for Women?

“MIA asks it’s users to share details they can’t share with anyone else and claims to be a safe space for things you are afraid to say, but by sharing the data they are misleading people into believing what they say is private,” says Jain.

Safety and security are assumed especially when sharing sensitive data but the report says Maya starts sharing data with Facebook as soon as you open the app before you have a chance to look over the privacy policy.

“That means they never took the consent in the first place, and immediately started monitoring you. Even just data like the fact that you are a woman of menstruating age interested in an app like this is private information.”

We share sacred, never-shared-before things and intimate details with the app like the heaviness of our flow and grisly details of the pain and more. So a breach of sensitive data is a huge problem. As the report says, the app often knows more about you before you - like when you are ovulating - and so, even before you, Facebook knows about YOUR ovulation cycle.

“We have met girls who are not allowed phones or to be on them for long as their parents are worried they will talk to boys. So a breach of this data, on this level, is huge.”
Tripti Jain
ADVERTISEMENT
ADVERTISEMENT

Like other period tracker apps, Maya and Mia Fem are also used to track your fertility, your pregnancy, and your general health including lifestyle habits like your coffee use for example.

According to Privacy International, the MIA Fem shares the type of birth control medication users take and it’s reminders with Facebook.

This sort of data breach is particularly hurtful as apps like these, and femtech, in general, offers a digital space for women’s healthcare where our medical issues are discussed and taken seriously. Where we can voice issues contorted in shame and find solutions to our problems - no more hysteria, we are listened to and treated instead.

Sensitive personal data is any data that can be used to identify an individual. India's draft data protection bill (which is yet to be tabled in Parliament), identifies data about an individual's health, sex life as "sensitive personal data". Meaning, such data can only be shared with the explicit and informed consent of the users.

Sensitive personal data is any data that can be used to identify an individual.(Photo: iStockphoto/Altered by FIT)

What’s the Apps’ Response?

According to the report, Maya’s privacy policy says that “no personal data is disclosed to advertisers.” However, the app also says that “users' personal data may be used " to comply with “our advertisers’ wishes by displaying their advertisement to that target audience.”

The report underscores the consequences of this, adding, “understanding people’s mood is an entry point for manipulating them.”

However, according to a report by MoneyControl, Sheroes, the company that owns Maya, told Privacy International that it had removed the Facebook analytics software that was responsible for the breach and targeting ads at women. In a statement, John Paul, Maya founder and CEO said, “ Maya does not sell data to Facebook or any third party. We have in the past used tools from Facebook, strictly to improve our product experience. We have proactively removed these tools from all versions of the app due to concerns about privacy.”

While it is great that Maya is taking corrective measures, Jain worries that it may be too little too late,

“We come from a taboo society where we do not disclose such intimate details. So this step is not going to un-scar that woman.”

“Besides, they are still not disclosing who these third-party advertisers are and other such details.”

So, What Can We Do About This?

More women app developers, especially for apps catering to women, will help create a more focused and understanding tool.(Photo: iStockphoto)

“Most women on this app will be educated,” and internet-forward and Jain suggests they should do a quick Google search on the app they are downloading and see if anything suspicious pops up.

But more than that, app developers need to shoulder the majority of the responsibility.

“Apps should ensure privacy by design.” beyond the jargon-filled and confusing terms and conditions, “there could be comics, videos or more interesting ways to educate users about the app and ensure informed consent.”

Plus, she suggests a multi-stakeholder approach. Apps and our hunger for them are increasing day by day, so we need policy interventions and laws to keep up with the boom.

By women for women?

A huge stumbling block is that most of these apps are primarily designed by males. “From a design perspective, there need to be more women making these apps. It would help if the same gender that the app is catering to also created it because only they can understand the exact circumstances.”

AI replicating human biases is well documented, and of course, a white male sitting in Silicon Valley cannot understand an Indian woman’s lived reality.

Besides, in the information age, we can’t run from technology, but we can hold it to higher standards.

(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)

Become a Member to unlock
  • Access to all paywalled content on site
  • Ad-free experience across The Quint
  • Early previews of our Special Projects
Continue

Published: 12 Sep 2019,11:43 AM IST

ADVERTISEMENT
SCROLL FOR NEXT