Warning: *privacy not included with this product
My Calendar Period Tracker
Here's a period tracking app with over 10 million downloads on the Google Play store that feels rather sketchy to us. Made by app developer AppManage Group #1, LLC under the alias of Simple Innovation, we're left with more questions than answers when we try to learn more about the company. Simple Innovations website is, well, really quite simple. They seem to make four apps in total that they call "simple delights": this period tracking app, a weight tracking app, an egg timer app, and a steak timer app. That's quite the diversity of apps there. They say the period tracking app "is an extremely elegant and easy-to-use application that helps women keep track of periods, cycle, ovulation, and fertile days."
What could happen if something goes wrong?
My Calendar Period Tracker does say they may share some user data with third parties for advertising and personalization services. And they say they "may use and disclose aggregated, or otherwise anonymized information that does not relate to an identifiable natural person without restriction." Now is a good time to remind you that it has been found to be pretty easy to de-anonymize such data, especially if location data is included.
So, the My Calendar Period Tracker app collects data that may or may not be personally identifiable (precise location data is generally pretty identifiable). And they say "When you use the App on an Apple or Android mobile device, certain third parties may use automatic information collection technologies to collect information about you or your device. These third parties may include advertisers, ad networks, ad servers, and analytics companies." So, third parties are collecting information on you as you use this app, including Facebook, Amazon, and other advertising networks. My Calendar also says they can use anonymized information without restriction, even though that data can sometimes be re-identified.
None of these things makes us feel all that good about the privacy practices of the My Calendar Period Tracker app. Good to note too, that Consumer Reports also had concerns about this app when they reviewed it back in 2020.
And while privacy is a concern with this app, we found security to be an even bigger concern. We were able to log into the app using the incredibly insecure password of "1". Yup, one 1 was allowed as a password for an app that tracks your period. That's pretty bad. All in all, we just don't trust the security of this app. Although, they did make a point of having a way to report security vulnerabilities on a website that contain little other information. Which, on the one hand, is good, we like to see that information made available. It also raises some questions as they didn't feel the need to provide much other information on their website about the company or their privacy policies, which makes us wonder if they expect or experience a lot of security vulnerabilities? We just don't know.
What's the worst that could happen with this period tracking app. Dear lord, please don't download it and find out. It's privacy practices are questionable, at best. It's security practices are weak, at best. The My Calendar Period Tracker app leaves us with way too many questions to feel comfortable. Shoot, we don't even think we'd trust downloading the egg timer app this company makes. There's just too big a chance this app comes with *Privacy Not Included.
Tips to protect yourself
- Add a PIN for your calendar if someone else might be using your phone/other device
- When you no longer use the app, go to "Delete all data and reset" in the app menu
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
What can be used to sign up?
What data does the company collect?
Moods, symptoms, temperature, weight, sexual activity, contraception used, medicine taken, etc.
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known privacy or security incidents discovered in the last 3 years.
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Managed to sign up with "1" as a password
If you believe you’ve found a security vulnerability in the software please email it to [email protected]
Got a comment? Let us hear it.