Menu Close

Gizmodo: Chinese Advertisers Might Have Monetized Your Period

Read the original article here.

By Whitney Kimball

08/20/20

In a cruel but totally predictable twist, an app that all but guaranteed pregnancy within nine months or-your-money-back was too good to be true.

A data privacy watchdog has found that a top ovulation tracker Premom has been secretly sharing users’ location data, advertising IDs, and multiple device identifiers from Android devices with Chinese data providers for advertising companies. Some of the information is impossible to revoke unless you destroy your device. Data from the app analytics firm Sensor Tower shows that Premom’s ovulation tracker has been downloaded over 120,000 times from the Google Play store and iTunes in July 2020 alone.

The Washington Post has reported that the International Digital Accountability Council (IDAC), which conducted an investigation, has found no evidence that Premom shared health-related information, but persistent, non-resettable hardware identifiers are nearly as bad. With the aforementioned location, device and advertising data, the companies could have inferred users’ identities, tracked browsing activity and use of other apps—and, in doing so, might well have developed behavioral profiles, which can include users’ believed sexual identities, religious affiliations, political preferences, health status, education level, and income bracket. Premom’s privacy policy states that it would “will keep your personal data confidential and we will not give or sell your information to any third parties or non-affiliated companies without your consent.”

Premom, which is free in the Apple App and Google Play stores, appears to generate revenue from its sister brand Easy@Home: an Illinois-based online depot for home medical supplies, including drug tests and ovulation test strips, the latter of which are marketed as complementary products for the app. The first red flag, though, was the litany of data Premom said it collected, up until a recent update in its privacy policy:

name, age, gender, birth date, health-related information, email address, fertility information, social media account names, authentication information, inventory of installed applications on Your device, phonebook or contact data, microphone and camera sensor data, sensitive device data, and other information that you link with our Application.

It adds that users may “and may be required to” share information and give Premom access to third-party services. (Now, it says that users can opt out by emailing Premom, something an average user is not likely to know they can do.) It’s especially suspect, IDAC notes, that Premom would supposedly need a list of users’ other apps, which can be used to profile users for ad targeting.

In a letter to Google, the FTC, and the Illinois Attorney General, IDAC identifies Chinese companies Jiguang, UMSNS, and Umeng as Premom data recipients. The Alibaba-owned company Umeng analyzes and publishes reports on app usage statistics, ostensibly for developers. Jiguang, also an analytics company, provides push notification software for apps, which IDAC claims aggressively sucks up data without users’ knowledge or any clear method for stopping it. Not particularly reassuringly, a Jiguang spokesperson said in a statement shared with the Washington Post that it was “100% in compliance with Chinese laws” and also Apple App store and Google Play guidelines. Gizmodo was unable to locate any pertinent information on UMSNS.

Data privacy protection is a mess in the United States, and as of now, there are no federal data privacy regulations. But Illinois, where Premom’s parent company Easy Healthcare Corporation is based, has been working to pass data privacy legislation which would give consumers the right to delete data and know whom it’s been shared with, similar to the landmark policy California enacted this year.

Google also explicitly forbids the extent of data hoovering alleged in IDAC’s letter, particularly the collection of advertising IDs together with device identifiers, without consent. According to the Washington Post, Google briefly removed the app from its store on August 6th, after an inquiry from the paper, but soon restored it.

Supposedly, Premom updated the app and removed the Chinese companies’ access to data, so now you can rest easy in the knowledge that Google Analytics and Facebook will take good care of you. Gizmodo has reached out to Premom and the IDAC and will update the post if we hear back.