Period tracker apps are sharing data to Facebook about when people last had sex

Two popular menstruation apps have been found sharing users’ personal data about their emotional wellbeing and their bodies – including when they last had sex – to third party groups such as Facebook, according to new research.

A report published on Monday from advocacy group Privacy International examined 10 leading period-tracking apps, and found Mia Fem and Maya have been sharing women’s personal information about contraception use, menstruation dates, and their symptoms, directly to Facebook.

The group claimed the apps have been collecting data and information from users on their mood and sexual life in exchange for information about which days they will be most fertile. Privacy International said this data had been used to manipulate users with targeted adverts based on their information, such as showing a user an ad for health supplements on Facebook after learning they had been experiencing a low mood.

Mia Fem – by Mobapp Development Limited – has more than two million downloads, while Maya – by Plackal Tech – says it was the 2017 winner of Facebook’s FbStart Apps of the year award, and has more than five million downloads.

Sharing automatically

Privacy International’s report follows on from research the group carried out in December 2018 into data tracking. Testing 36 popular apps that connect to Facebook through smartphones, the group said that 61 per cent of the apps it examined automatically transfered data to Facebook once they were opened. It also found that users did not need to be logged in to Facebook for these apps to send detailed personal data to the social media platform.

In its latest report, Privacy International claimed the Mia Fem and Maya apps start sharing users’ personal data to Facebook as soon as the apps are downloaded, and before users have the chance to agree to any privacy terms, raising serious questions over the security of users’ data.

These apps share data through Facebook’s Software Development Kit (SDK) – a feature which allows users to log in using their Facebook profile for example – in order to help it create targeted ads.

Sensitive information

Maya responded to the results, saying Facebook’s SDK feature would be removed from the app (Photo: Apple store)

The group found that Maya requested information about when users had sex and whether the intercourse was protected or not. Privacy International pointed out how this appears irrelevant to predicting menstrual cycles, which is the app’s primary use.

Privacy International said: “The wide reach of the apps that our research has looked at might mean that intimate details of the private lives of millions of users across the world are shared with Facebook and other third parties without those users’ free unambiguous and informed or explicit consent, in the case of sensitive personal data, such as data relating to a user’s health or sex life.”

The group also examined some of the most popular menstruation tracker apps, including Period Tracker by Leap Fitness Group, Period Tracker Flo, Period Tracker by Simple Design and Clue Period Tracker, and said none of them shared data with Facebook.

A spokesperson for Facebook told i: “Our terms of service prohibit developers from sending us sensitive health information and we enforce against them when we learn they are. In addition, ad targeting based on people’s interests does not leverage information gleaned from people’s activity across other apps or websites”.

In the case of Maya, the app allows users to enter sensitive information in a diary-like section of the app which was also shared with Facebook, Privacy International found. Information such as experiencing a low-mood can be helpful to advertisers as they can use this data to serve ads for products that purport to help with a person’s experience.

Since the group published its findings, Maya said it has removed the Facebook SDK feature.

Complying with the law

Mia Fem were found to share data with Facebook as soon as users opened the app (Photo: Google Play)

Both Maya and Mia Fem share data further afield than simply Facebook, the research claimed, with marketing sites also having access to the data.

The findings raise serious concerns over these companies’ compliance with GDPR, Privacy International said, as users within the EU are meant to have greater control and awareness over how their data is used.

The group has called for companies to take greater steps to address these issues. Facebook has committed to creating a tool in which users can stop apps and businesses sharing their data with the social platform, though the organisation says this is not enough.

“The responsibility should not be on users to worry about what they are sharing with the apps they have chosen,” Privacy International said.

“The responsibility should be on the companies to comply with their legal obligations and live up to the trust that users will have placed in them when deciding to use their service.”

i has contacted Mia Fem and Maya for comment.

More on data privacy:

The post Period tracker apps are sharing data to Facebook about when people last had sex appeared first on

Read More

Facebook’s dating service is now live in the US, matching people through common interests

Facebook has launched a dating service for users in the US, focusing on providing “a more authentic look at who someone is” through potential matches’ common interests.

The new feature was first announced in May 2018, and allows users to opt into the dating service and creating a dating profile separate to their main account.

Suggested matches are generated based on user’s preferences, interests and activities on the social network.

How Facebook and Instagram Stories may appear in the final Facebook Dating interface (Photo: Facebook)
How Facebook and Instagram Stories may appear in the final Facebook Dating interface (Photo: Facebook)

The service aims to match users with friends of friends or people outside their social circles rather than people they’re already Facebook friends with, although users will be alerted if both of them have added each other to a Secret Crush list.

Facebook Dating data will be limited to the dating profile and won’t be shared across their main account, Nathan Sharp, Facebook Dating’s product manager, said in a statement.

“Facebook Dating isn’t about swiping or having to wait for someone to like you to get a first chance at reaching out,” he added.

“If you are interested in someone, you can comment directly on their profile or tap on the Like button to let them know. If you aren’t interested, you can pass on them.”

The Secret Crush list could connect Instagram users too (Photo: Facebook)
The Secret Crush list could connect Instagram users too (Photo: Facebook)

Users can shared details of an upcoming date or their live location with friends or family via Facebook’s Messenger app, and a profile’s gender identity will be hidden from potential matches “to respect people’s privacy”.

Facebook Dating users will be able to integrate posts from Facebook-owned Instagram into their profiles and add Instragram followers to their Secret Crush lists.

Both Instagram and Facebook Stories will be added to the service by the end of the year, Facebook confirmed.

The service is expected to launch in Europe in early 2020.

Facebook has more than 2.41bn monthly active users worldwide and poses major competition to Match Group, which owns smartphone dating app Tinder and site OkCupid, and IAC, which owns

Many popular dating apps, including Tinder, Hinge and Happn, use Facebook as a means of quickly creating profiles.

In the wake of the Cambridge Analytica data scandal, Bumble said it had added the option for new users to register without a Facebook account.

More on Technology

The post Facebook’s dating service is now live in the US, matching people through common interests appeared first on

Read More

Phone numbers linked to 18 million UK Facebook accounts exposed online

Hundreds of millions of phone numbers linked to Facebook accounts have been exposed in an easily-searchable online database.

The information in the exposed server contained more than 419m records, including 18m Facebook users based in the UK, 133m in the US and a further 50m in Vietnam.

As the server was not password-protected, its numerous databases were open and accessible to all web users.

This illustration picture shows the US social media Facebook logo displayed on a tablet in Paris on February 18, 2019. (Photo by Lionel BONAVENTURE / AFP) (Photo credit should read LIONEL BONAVENTURE/AFP/Getty Images)
The records were stored in an easily-accessible server (Photo: LIONEL BONAVENTURE/AFP/Getty Images)

The records contained a user’s unique Facebook ID – a string of numbers used to identify individuals profiles  and the phone number listed with the account. Some also contained users’ name, gender and country locations.

Sanyam Jain, a security researcher and member of the non-profit GDI foundation, first found the database and contacted tech site TechCrunch. The database was taken offline after the site contacted the web host.

Having access to a person’s phone number could allow hackers to force-reset the password of any online account linked to the number.

A Facebook spokesperson said the data had been collected prior to the social network restricting access to users’ phone numbers in April 2018.

“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said.

“The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”

facebook login shutterstock
Facebook claimed the data was old (Photo: Shutterstock)

The news is the latest in a long line of security breaches the site has suffered. In March it was found to have  stored hundreds of millions of user passwords in unencrypted plain text, leaving them searchable by thousands of the social network’s employees for years.

Between 200m and 600m passwords were stored in plain text on internal company servers,  with some archives dating back to 2012, a senior Facebook employee told security researcher Brian Krebs.

There is no evidence any Facebook employees abused access to the user data and the issues have since been fixed, the company said.

More than 20,000 Facebook employees were able to search the data, with around 2,000 engineers or developers making approximately 9m internal queries for data elements containing plain text user passwords, according to Mr Krebs.

Human rights groups rounded on Facebook the same month when it came to light the site allowed phone numbers users provided as a security measure to be used as a means to search for people’s profiles.

The social network had previously prompted users to add their phone numbers to their accounts to turn on two-factor authentication (2FA), a security feature which sends an alert to a user’s phone asking them to enter a code once it detects an attempt to log in from an unrecognised device.

Facebook’s default setting allows people to search for user profiles via their phone number and cannot be removed, meaning that while users can hide their phone number from appearing visibly on their profile, there is no way to prevent others from searching for them through the provided number.

More on Technology

The post Phone numbers linked to 18 million UK Facebook accounts exposed online appeared first on

Read More

Facebook tests hiding likes on posts, following in the footsteps of Instagram

Facebook is experimenting with hiding the number of ‘likes’ a post has received, following in the footsteps of sister app Instagram.

Reverse engineer Jane Manchun Wong noticed the social network displaying a post’s number of likes as “[user name] and others” instead of its standard numerical value.

The company told tech site TechCrunch it was considering testing removal of like counts, but that the experiment was not yet live for users.

Facebook-owned app Instagram began hiding likes on posts in six countries in July, which it said was designed to downplay the importance users place in receiving validation on their content and shift focus to the content they create.

Instead of displaying the number of likes a post has received, trial participants’ posts in Australia, Brazil, Canada, Ireland, Italy, Japan and New Zealand read ‘Liked by [user name] and others, allowing only the post creator to see its likes total.

Nudge techniques

SAN JOSE, CALIFORNIA - APRIL 30: Paper circles with the Facebook logo are displayed during the F8 Facebook Developers conference on April 30, 2019 in San Jose, California. Facebook CEO Mark Zuckerberg delivered the opening keynote to the FB Developer conference that runs through May 1. (Photo by Justin Sullivan/Getty Images)
Facebook has billions of users worldwide (Photo: Justin Sullivan/Getty Images)

Facebook introduced the like button in February 2009 as a means of indicating approval of users’ statuses, comments, photos and videos.

The number of likes a post or page attracts has become a popularity metric which many brands have leveraged to demonstrate their resonance with social media users.

Facebook posts ‘better indicator’ of mental health conditions than demographic data

Facebook’s reasoning for hiding likes could also be linked to the alleviation of pressure on social media users, though it may opt out of a wider roll-out if the practice leads to lower engagement with posts.

The company resisted pressure from users to add a ‘dislike’ button in favour of launching ‘reaction’ icons in February 2016, five emoticons representing Love, Haha, Wow, Sad or Angry.

A draft code published by the Information Commissioner’s Office (ICO) in April suggested forcing Facebook and other platforms to turn off their like functions in an effort to keep British children safer online.

The proposed measures include banning nudge techniques including likes and streaks which prompt users to stay actively engaged with a service for longer, allowing the site to collect more personal data.

More technology

The post Facebook tests hiding likes on posts, following in the footsteps of Instagram appeared first on

Read More

Hong Kong protests: YouTube follows other social media platforms and removes disinformation

YouTube says it has shut down more than 200 videos that were part of a unified effort to spread disinformation about the ongoing protests in Hong Kong.

Just days before, Twitter said it had suspended more than 200,000 accounts it linked to a Chinese government influence campaign against the protests, while Facebook said it had suspended seven pages, three groups and five accounts after being notified by Twitter.

Unlike Facebook and Twitter, Google – who own YouTube – did not explicitly implicate the Chinese government but said the videos were related to the similar disclosures from them.

Social media companies have faced criticism about the spread of misinformation on their sites and have taken actions to combat the spread in recent months.

Spreading misinformation

Hong Kong’s financial hub has been rocked by three months of unrest, with students making up a large number of the pro-democracy protesters taking to the streets almost daily (Photo: Getty)

A statement said: “Earlier this week, as part of our ongoing efforts to combat coordinated influence operations, we disabled 210 channels on YouTube when we discovered channels in this network behaved in a coordinated manner while uploading videos related to the ongoing protests in Hong Kong.

“This discovery was consistent with recent observations and actions related to China announced by Facebook and Twitter.”

In contrast, Twitter said 936 of the accounts came from Chinese government.

Responding to its decision to suspend the accounts, Twitter said in a statement: “This disclosure consists of 936 accounts originating from within the People’s Republic of China (PRC). Overall, these accounts were deliberately and specifically attempting to sow political discord in Hong Kong, including undermining the legitimacy and political positions of the protest movement on the ground.

“Based on our intensive investigations, we have reliable evidence to support that this is a coordinated state-backed operation. Specifically, we identified large clusters of accounts behaving in a coordinated manner to amplify messages related to the Hong Kong protests.”

In one of the example posts Facebook shared it removed from its site, an account compared Hong Kong protesters to cockroaches and Islamic State group militants.

Banned in China

Facebook and Twitter also suspended and removed profiles from their site (Photo: Getty)

As part of the Chinese government’s “Great Firewall” of censorship, Twitter and Facebook are banned in the country.

This week, the Chinese government’s announced this week that Simon Cheng Man-kit, a British Consulate worker, was detained in the city of Shenzhen, stoking tensions in Hong Kong.

The city has been gripped by months of anti-government protests.

China said this week that Mr Cheng had been placed in administrative detention for 15 days for violating public order regulations. It did not elaborate.

Mr Cheng has been working for the British Consulate since December 2017 as an international trade and investment officer for the Scottish Government. He and other local staff at consulates and embassies support diplomats but do not have diplomatic passports themselves.

The UK’s Foreign and Commonwealth Office said in a statement that they are still urgently seeking further information about Mr Cheng’s case.

The Foreign Office said: “Neither we nor Simon’s family have been able to speak to him since detention.

“That is our priority and we continue to raise Simon’s case repeatedly in China, Hong Kong and London and have sought to make contact with Simon himself.”

Additional reporting from Press Association.

More on Hong Kong:

The post Hong Kong protests: YouTube follows other social media platforms and removes disinformation appeared first on

Read More

Johnson bypasses the broadcasters to talk directly to voters

Yesterday’s announcement of a relaxation of the immigration rules for scientists from around the world was noteworthy for two reasons.

First, because it’s a good idea, long overdue and likely to be popular.

Second, because of how the message was delivered.

There was a press release, and an accompanying evening news package by the BBC, filmed on a Prime Ministerial visit to a fusion power research centre in Oxfordshire. But before either of those went out, the actual announcement took place online, in a Facebook Live broadcast by Boris Johnson.

The video itself was short, hitting key messages on police and NHS spending before trailing the headline news, leaving the detail for the official release shortly afterwards. The fairly simple set contained a few nods to his fans (and detractors) The flag, the ministerial red box (rapped pointedly when he spoke of getting to work) and, nestled away at the back, a red bus.

No, not that red bus. Nor the now-famous red buses built out of painted wine boxes. Rather a red, double-decker, London bus featuring the Back Boris 2008 logo – a memento of the mayoralty which influenced him so much, placed carefully where a TV had stood earlier in the day.

It’s the use of this video as the first point of announcement for an important policy that is particularly significant. It’s no secret that some political broadcasters have at times been a bit antagonistic, and that there are some tensions in the relationship already. More generally, what every politician really desires is an opportunity to communicate their message directly to voters without edit, limit or interpretation.

Breaking news through a social media broadcast, unfiltered, therefore makes sense. Between Facebook and Twitter this clip was seen by at least 450,000 people throughout the course of the evening, which isn’t bad given there was no pre-publicity to warn the audience in advance. My understanding is that this is a first experiment, and there will be more such broadcasts from the Prime Minister, the audience of which will be closely studied in Downing Street.

In an age which values authenticity, this is an approach with potential, particularly for this Prime Minister. Johnson opens with an invitation, the emphasis on the personal nature of the conversation and the privileged access being offered to viewers: “I’m speaking to you live from my desk in Downing Street”. He has built his career on being distinctive, engaging and entertaining; he’s the Government’s most notable media asset. It would be madness to lock that away behind bland scripts and anonymised official statements.

Previous examples of leaders seeking such direct communication with voters spring to mind, some more successful than others. Stanley Baldwin, the UK’s earliest adopter of broadcasting as a political tool; Franklin D. Roosevelt’s famous ‘fireside chats’; Harold Wilson’s sometimes ill-advised penchant for television (complete with the affectation of a pipe); Ronald Reagan’s extraordinary run of over 1,000 daily radio commentaries on current affairs prior to becoming President. David Cameron, of course, had WebCameron – sometimes a bit stagey, but always more at ease than Gordon Brown’s rictus efforts at YouTube. There are lessons from each, and all underscore that no politician can afford to stand still while the media changes around him.

It’s encouraging to see the Prime Minister’s team exploring and trying out new ways to cut through to the electorate. Making sure they maintain message discipline while allowing his personality to show will be the key. Relax it too much and it loses its bite; structure it too closely and it risks looking like a hostage video, turning off fans who want to feel they are seeing their Prime Minister as he really is. Get it right, and these broadcasts could have a really big impact.

Read More