Ostrzeżenie: *Prywatność dla tego produktu do nabycia osobno
Nope. That's the first word that comes to mind after researching this period and fertility tracking app made by India-based Plackal Tech. There is not a privacy or security ding we didn't assign to this period and fertilizing tracking app that says it makes tracking periods fun and easy. Free to download, Maya has some premium features users have to pay that cost around $4 a year. Maya tracks all sorts of things like sexual activity, period frequency, weight, body temperature, period symptoms, mood, and more. Unfortunately, Maya has a spotty track record of protecting all this very personal data it collects on their users. 2019 research by Privacy International found they shared lots of this personal, health information with Facebook. Yuck. That's the second word that comes to mind now when we think of this app.
Co się może stać, jeśli coś pójdzie nie tak?
Things your privacy researchers really don't like about Maya's period and fertility tracking app. One, they bury their privacy policy in their Terms of Service doc, making it really hard for an average person to find. Boo! Two, consent to use your personal information for the all the purposes they want seems to comes when you visit the platform and/or provide your information. Users might not realize they've given consent simply by doing those things. And there there is this gem mentioned in their privacy policy that raises eyebrows when it comes to consent, "You acknowledge and agree that even if You are not a registered User with Us, We may collect information about You, if a registered User has provided Us with Your information to facilitate services." Yuck!
Three, while they do say they won't share personal information about identifiable individuals to advertisers, they do say they do say they can share aggregate and/or anonymised information "to help advertisers reach the kind of audience they want to target" And they make use information the collect on you "to comply with our advertisers’ wishes by displaying their advertisement to that target audience." Maya goes on to say they can share users' information with sponsors, and/or business partners to send "newsletters, offers, information about new services, and other information." So, your information is potentially being shared with a fair amount of third parties and advertisers to reach you with more offers and even targeted ads. That's not so great.
Four, we also ding Maya because they don't mention any data retention details in their privacy policy. They do say users can delete their information from the app though, so if you use this app, maybe sure you reach out them and ask them to delete all your personal information. We're not sure they would do so otherwise.
All this is bad, but it's not the worst. The worst is yet to come!
Maya doesn't meet our Minimum Security Standards for a couple of reasons. First, they allow the super duper weak password of "1" to login to their app. Very bad form. And two, because we just couldn't tell if they do things like use strong encryption and have a way to manage security vulnerabilities.
But really, the worst thing Maya has done when it comes to protecting and respecting their user's privacy is when Privacy International discovered in 2019 that they were sharing some VERY personal information of their users with Facebook. BuzzFeed News reported Privacy International found Maya shared user data such as when a user last had sex, their use of contraception, the timing of their periods, their moods, and what symptoms they had such as cramping and swelling. Ick! Uhg! Bad! The report also found some data was being shared with Facebook even before a user had the change to agree to the app's privacy policy. When called out about sharing all this data, Maya responded by pointing out they it doesn't share any personally identifiable data with Facebook. Yeah, no. This is data that should never be shared with Facebook, ever. It also seems like data that wouldn't be super hard to re-identify.
Given all these knocks against Maya — they collect a metric ton of very personal information, they share that information with lots of places, they don't tell users how long they can retain that information, they only require a very weak password of "1" and don't meet our Minimum Security Standards, and they have a pretty bad track record of protecting their user's personal information, we'd say there is a whole lot that could go wrong if you use this app to track your periods and fertilizing. We have to say, Maya almost certainly comes with *Privacy Not Included.
Wskazówki, jak się chronić
- Add an App lock for your calendar if someone else might be using your phone/other device
- When you no longer use the app, go to "Delete account" in the app menu
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc. The app will not prompt you to use a strong password.
- Do not give access to your location in the app! When asked to provide location in the sign-up, first click 'Enable' and then chose 'Do not give location' in the drop down. Yes, very misleading!
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images and videos)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
Czy może mnie podsłuchiwać?
Aparat
Urządzenie: Nie dotyczy
Aplikacja: Tak
Mikrofon
Urządzenie: Nie dotyczy
Aplikacja: Nie
Śledzi położenie
Urządzenie: Nie dotyczy
Aplikacja: Tak
Czego można użyć do rejestracji?
Tak
Telefon
Nie
Konto firmy trzeciej
Nie
Jakie dane zbiera ta firma?
Osobiste
Name, e-mail address and other profile data, location (approximate or precise, depending on your usage).
Związane z ciałem
Symptoms, moods, the length of your menstrual cycles, and general information about your health such your weight, mood, temperature and/or any physical intimacy.
Społecznościowe
Jak ta firma wykorzystuje te dane?
Jak możesz kontrolować swoje dane?
Jaka jest znana historia tej firmy w zakresie ochrony danych użytkowników?
In 2019, UK-based advocacy group Privacy International discovered period-tracking apps including Maya sent women’s use of contraception, the timings of their monthly periods, symptoms like swelling and cramps, and more, directly to Facebook.
Before users could even agree to the apps’ privacy policies, Maya started sharing some data as soon they were opened, according to Privacy International.
Informacje o prywatności dziecka
Czy ten produkt może być używany bez połączenia z siecią?
Przyjazne dla użytkownika informacje o prywatności?
Privacy policy is buried in their terms of use document and hard to find on their website.
Odnośniki do informacji o prywatności
Czy ten produkt spełnia nasze minimalne standardy bezpieczeństwa?
Szyfrowanie
Silne hasło
Managed to sign up with "1" as a password
Aktualizacje zabezpieczeń
Zajmuje się problemami z bezpieczeństwem
Zasady ochrony prywatności
Czy produkt wykorzystuje sztuczną inteligencję?
Czy tej sztucznej inteligencji nie można ufać?
Jakie decyzje sztuczna inteligencja podejmuje o Tobie lub za Ciebie?
Czy firma jest przejrzysta w kwestii działania sztucznej inteligencji?
Czy użytkownik ma kontrolę nad funkcjami sztucznej inteligencji?
Dowiedz się więcej
-
Period Tracker Apps Used By Millions Of Women Are Sharing Incredibly Sensitive Data With FacebookBuzzFeed News
-
We asked five menstruation apps for our data and here is what we found...Privacy International
-
No Body's Business But Mine: How Menstruation Apps Are Sharing Your DataPrivacy International
-
These apps may have told Facebook about the last time you had sexThe Washington Post
-
Using A Period Tracking App? This Is Where All Your Personal Info GoesRefinery 29
Komentarze
Masz uwagi? Podziel się nimi z nami.