In a cruel but totally predictable twist, an app that all but guaranteed pregnancy within nine months or-your-money-back was too good to be true.
A data privacy watchdog has found that a top ovulation tracker Premom has been secretly sharing users’ location data, advertising IDs, and multiple device identifiers from Android devices with Chinese data providers for advertising companies. Some of the information is impossible to revoke unless you destroy your device. Data from the app analytics firm Sensor Tower shows that Premom’s ovulation tracker has been downloaded over 120,000 times from the Google Play store and iTunes in July 2020 alone.
name, age, gender, birth date, health-related information, email address, fertility information, social media account names, authentication information, inventory of installed applications on Your device, phonebook or contact data, microphone and camera sensor data, sensitive device data, and other information that you link with our Application.
It adds that users may “and may be required to” share information and give Premom access to third-party services. (Now, it says that users can opt out by emailing Premom, something an average user is not likely to know they can do.) It’s especially suspect, IDAC notes, that Premom would supposedly need a list of users’ other apps, which can be used to profile users for ad targeting.
In a letter to Google, the FTC, and the Illinois Attorney General, IDAC identifies Chinese companies Jiguang, UMSNS, and Umeng as Premom data recipients. The Alibaba-owned company Umeng analyzes and publishes reports on app usage statistics, ostensibly for developers. Jiguang, also an analytics company, provides push notification software for apps, which IDAC claims aggressively sucks up data without users’ knowledge or any clear method for stopping it. Not particularly reassuringly, a Jiguang spokesperson said in a statement shared with the Washington Post that it was “100% in compliance with Chinese laws” and also Apple App store and Google Play guidelines. Gizmodo was unable to locate any pertinent information on UMSNS.
Data privacy protection is a mess in the United States, and as of now, there are no federal data privacy regulations. But Illinois, where Premom’s parent company Easy Healthcare Corporation is based, has been working to pass data privacy legislation which would give consumers the right to delete data and know whom it’s been shared with, similar to the landmark policy California enacted this year.
Google also explicitly forbids the extent of data hoovering alleged in IDAC’s letter, particularly the collection of advertising IDs together with device identifiers, without consent. According to the Washington Post, Google briefly removed the app from its store on August 6th, after an inquiry from the paper, but soon restored it.
Supposedly, Premom updated the app and removed the Chinese companies’ access to data, so now you can rest easy in the knowledge that Google Analytics and Facebook will take good care of you. Gizmodo has reached out to Premom and the IDAC and will update the post if we hear back.