Premom App Caught Sharing Loads of User Data

In a cruel but totally predictable twist, an app that virtually guarantees pregnancy within nine months or-your-refund was too good to be true.

A data privacy watchdog has discovered that an ovulation tracker, Premom, secretly shares user location data, ad IDs, and multiple device IDs from Android devices with providers. Chinese data for advertising companies. Some information cannot be revoked unless you destroy your device. Data from app analytics company Sensor Tower shows that Premom’s ovulation tracker was downloaded over 120,000 times from the Google Play Store and iTunes in July 2020 alone.

The Washington Post reported as the International Digital Accountability Council (IDAC), which led investigation, found no evidence that Premom shared health-related, but persistent, non-resettable information hardware identifiers are almost as bad. With the aforementioned location, the device and advertising data, companies could have inferred user identities, tracked browsing activity and the use of other applications—And in doing so, may well have developed behavioral profiles that include users’ assumed sexual identities, religious affiliations, political preferences, health status, level of education and income bracket. Premom’s privacy policy stipulate that it would be “Will keep your personal data confidential and we will not give or sell your information to third parties or unaffiliated companies without your consent.”

Premom, which is free in the Apple app and in Google Play stores, appears to generate revenue through its sister brand Easy @ Home: an Illinois-based company. online filing for home medical supplies, including drug tests and ovulation test strips, the latter being marketed as complementary products to the application. The first red flag, however, was the litany of data Premom said he collected, until a recent update in its privacy policy:

name, age, gender, date of birth, health information, email address, fertility information, social media account names, authentication information, inventory of apps installed on your device, phonebook or data contact data, microphone and camera sensor data, sensitive device data, and other information that you link to our Application.

He adds that users can “and may be required to” share information and give Premom access to third-party services. (Now, it says that users can opt out by emailing Premom, which an average user probably doesn’t know they can do.) It is particularly suspicious, the IDAC notes, that Premom would need a list other user applications, which can be used to profile users for ad targeting.

In a letter to Google, the FTC and the Illinois Attorney General, IDAC identifies Chinese companies Jiguang, UMSNS and Umeng as recipients of Premom data. Umeng, a company owned by Alibaba, analyzes and publishes application usage statistics reports, apparently for developers. Jiguang, also an analytics company, provides push notification software for apps, which IDAC says aggressively sucks up data without users knowing or without any clear method of stopping it. Not particularly reassuring, a spokesperson for Jiguang said in a statement shared with the Washington Post that it was “100% compliant with Chinese laws” as well as guidelines from the Apple App Store and Google Play. Gizmodo could not find any relevant information about UMSNS.

Protecting data privacy is a mess in the United States, and at this time there are no federal data privacy regulations. But Illinois, where Premom’s parent company, Easy Healthcare Corporation, is based, worked to pass data privacy legislation which would give consumers the right to delete the data and know with whom it was shared, similar to the historic policy adopted by California this year.

Google also explicitly prohibits the extent of data aspiration alleged in the IDAC letter, in particular the collection of advertising identifiers as well as device identifiers, without consent. According to the Washington Post, Google briefly removed the app from its store on August 6, after an investigation by the newspaper, but quickly restored it.

Supposedly, Premom updated the app and removed Chinese companies’ access to data, so now you can keep quiet in knowledge that Google Analytics and Facebook will take good care of you. Gizmodo has contacted Premom and IDAC and will update the post if we have any news.