The article addresses the technical limitations encountered in the research of period tracking apps, particularly emphasizing the inability to test server-side interactions and Google Fit integrations. It reveals that while personal cycle data wasn't sent to third parties like Facebook, numerous apps integrated advertising and analytics SDKs, facilitating the sharing of device identification data. The findings underscore the significance of user privacy, as these practices, disclosed in privacy policies, represent a potential risk in data handling for sensitive applications.
Before our analysis, we note the technical limitations meant we did not test certain features mentioned, such as Google Fit integrations offered by some apps.
This automatic collection of device data was disclosed in all the apps' privacy policies, all of which mentioned that device identifiers and IP addresses would be automatically collected.
Collection
[
|
...
]