Friday, 21 August 2020

Popular Fertility App Caught Selling Customer Data to Chinese Companies

Premom, one of the top pregnancy apps on both Android and Google Play, bills itself as a method of helping you “get pregnant quickly and naturally.” It offers fertility and ovulation tracking and asks individuals to upload detailed information about their sexual health in order to provide advice on the best time of the month to try and get pregnant.

It’s also been caught selling data to multiple Chinese companies, though thankfully, Premom’s medical data does not appear to have been part of what changed hands. Premom was selling information that’s more mundane — location data, information about what other applications are installed on one’s phone, and unique device identifiers that can be used to track individual users across multiple websites, like MAC addresses.

This research was performed by the International Digital Accountability Council, an independent non-profit organization that describes itself as “dedicated to ensuring a fair and trustworthy digital and app marketplace for consumers worldwide.” IDAC shared the research with the Washington Post. Because Premom is based in Illinois, which has a fairly strict data privacy law, the company may have broken state law by gathering and selling this kind of information without customer consent.

Premom is far from the only pregnancy app company to engage in this kind of behavior. Consumer Reports has found five top period tracking apps that share data with advertisers, including one, Ovia, which shares data with employers and insurance companies as part of wellness programs.

Premom had three Chinese partners: Jiguang, Umeng, and UMSNS. Jigunag’s access was cut off on August 6 after IDAC contacted the company, while Umeng and UMSNS had access up until June 19. One of the concerns of the privacy researchers is that Jiguang was transmitting data using customized encryption, similar to what TikTok was doing before it got caught in November 2019.

There are a lot of good questions one could raise at this point. Why are random Chinese companies buying location and personal data specifically about pregnant women? Why would the leaders at Premom believe that selling location and tracking data about its customers to Chinese companies was an ethical thing to do? Why would anyone want to buy it?

The thing is, though, all of these questions have answers. They are: Because all data is valuable to someone; because we’ve been conditioned to treat data as a valueless, dimensionless ambiguity and find it convenient to pretend information is never used to harm people; and because geographical data on the location of women who want to get pregnant can be easily combined with Google Maps to de-anonymize the information. It can also be used for generic types of advertising, which is the more common usage.

With a recession upon us, a company might choose to purchase data to indicate which of its employees might be trying to get pregnant so it could target them for “right-sizing.” Because it’s explicitly illegal to ask employees to volunteer this information, a firm might choose to buy the data instead. Since the only reason to download an application like Premom is if you want to have children, having the app on your device is effectively a declaration of intent.

The more mundane explanation — that the most likely use of data like this was for advertising — scarcely reassures. Once information is out on the market, it’s out. There is no federal privacy law that addresses the privacy problems caused by the modern internet. We already know that companies buy, sell, and share data from multiple sources; Facebook itself has shared user data with other firms like Amazon, Microsoft, Netflix, and Spotify. If you have someone’s location data, you know who they are. This has never been more true than in 2020.

It doesn’t matter if Premom operates its own business with the tightest set of privacy restrictions known to man — once you sell data, you have no control over how that information will be used, aggregated, or sold thereafter.

Given that pregnancy is a medical condition, and one for which women with unscrupulous employers are routinely targeted and harassed, pregnancy apps have no business selling location data under any circumstances whatsoever. According to Consumer Reports, no period tracking application it reviewed “met our privacy expectations.” All of these applications sell your data to third parties. Three of the five require real names.

Image by Consumer Reports

The problem here isn’t just that Premom sold this data to Chinese companies. It’s that the data was sold at all. We cannot rightfully criticize China’s data practices without acknowledging serious problems in how the US government and various US corporations are using data as well.

The Secret Service has spied on citizens via location data to gather information it was legally barred from accessing without a warrant. The Erie County police department (along with others across the country) has acknowledged deploying devices like Stingrays without mandatory court oversight. Police departments now work hand-in-glove with license plate reader manufacturers to track individuals for corporate debt-collection purposes. At both the business and corporate level, location data is increasingly wielded against people who may have no idea they are even being tracked.

No, the United States is not China — but that doesn’t mean we’re setting any kind of good example when it comes to properly balancing shifting standards around digital privacy and the entirely reasonable expectation that downloading an app isn’t the same as volunteering to have intimate details of one’s life associated with unique identifiers and a location tracker. Just because Premom sells data for advertising purposes doesn’t mean it only gets used for advertising purposes.

Now Read:



No comments:

Post a Comment