• by Gavin O'Malley , Staff Writer @mp_gavin, September 11, 2019

Adding to Facebook’s privacy woes, researchers have discovered that popular period-tracking apps shared users’ most intimate sexual and health practices with the social giant.

Two period-tracking apps in particular, MIA Fem and Maya, filled Facebook in on everything from the timing of women’s menstrual cycles to their sexual activity, according to a new re port from Privacy International.

“Maya by Plackal Tech and MIA by Mobapp Development Limited conducted… what we believe to be extensive sharing of sensitive personal data with third parties, including Facebook,” the researchers write.

The findings follow a report released by the UK-based advocacy group late last year. It documented the casual data-sharing habits of top mobile applications.

Among the 36 apps it tested, Privacy International found that 61% automatically transferred data to Facebook the moment a user opens the app -- whether users had a Facebook account or not, and whether or not they were logged into Facebook at the time.

Such sharing occurs through a set of software development tools known officially as the Facebook Software Development Kit, or SDK.

In a follow-up report, Privacy International found that two-thirds of the apps that it had exposed had later updated their data-sharing practices.

In response to Privacy International’s more recent findings, Maya by Plackal Tech said it removed both the Facebook core SDK and Analytics SDK.

MIA, for its part, did not wish to have its response to Privacy International’s most recent findings published.

Although they are not the most used period-tracking apps on the market, Maya and MIA reach millions of women. Maya, for example, boasts over 5 million downloads on Google Play alone.

By any measure, the apps also encourage women to share their most private personal details.

Among other questions, Maya asks women about their current emotional states, whether they are experiencing “health issues,” whether they “got lucky last night,” and if they used contraception.

Before the app updated its practices, all of this sensitive information -- in addition to users’ “diaries” -- was freely shared with Facebook and other third parties, Privacy International reported.

The report includes a statement by Facebook that its terms of service prohibit app developers from sharing health or other sensitive data, and the company told BuzzFeed News that it had notified Maya and MIA of possible terms violations. Facebook also said that, while it has systems that automatically identify and delete passwords and other sensitive information shared by apps, it has "begun looking at ways to improve our system and products to detect and filter out more types of potentially sensitive data.” 

Facebook spokesman Joe Osborne also issued a statement to press saying that in targeting ads by interest, the platform "does not leverage information gleaned from people’s activity across other apps or websites.” 

As it struggles to position itself as a safe and secure platform, Facebook remains mired in privacy issues. Just last week, for example, the phone numbers of more than 400 million users were found floating online. In addition, a federal judge just refused to dismiss a lawsuit alleging that Facebook violated users’ privacy by sharing their information with outside developers, including Cambridge Analytica.