Report: Apps give Facebook sensitive health and other data

Several phone apps are sending sensitive user data, including health information, to Facebook without users’ consent, according to a report by Wall Street Journal.

An analytics tool called “App Events” allows app developers to record user activity and report it back to Facebook, even if user isn’t on Facebook, according to report.

One example detailed by Journal shows how a woman would track her period and ovulation using an app from Flo Health. After she enters when she last h her period, Facebook software in app would send along data, such as wher user may be ovulating. Journal’s testing found that data was sent with an vertising ID that can be matched to a device or profile.

Although Facebook’s terms instruct app developers t to send such sensitive information, Facebook appeared to be accepting such data without telling developers to stop. Developers are able to use such data to target ir own users while on Facebook.

Facebook said in a statement that it requires apps to tell users what information is shared with Facebook and it “prohibits app developers from sending us sensitive data.” company said it works to remove information that developers should t have sent to Facebook.

development comes as Facebook is dealing with increased scrutiny over how it handles user data. Last week, British lawmakers issued a scathing report calling for tougher privacy rules for Facebook and or tech firms.

RE | Facebook Will Tell You If Someone Uplos Your Information For Targeting

Criticisms over privacy intensified nearly a year ago following revelations that w-defunct Cambridge Analytica data-mining firm accessed data on some 87 million Facebook users without ir consent. U.S. Federal Tre Commission has been investigating that flap as well and is reportedly in negotiations with Facebook over a multibillion dollar fine.

data-sharing is related to a data analytics tool that Facebook offers developers. tool lets developers see statistics about ir users and target m with Facebook s.

Besides Flo Health, Journal found that Instant Heart Rate: HR Monitor and real-estate app Realtor.com were also sending app data to Facebook. Journal found that apps did t provide users any way to stop data-sharing.

Flo Health said in an emailed statement that using analytical systems is a “common practice” for all app developers and that it uses Facebook analytics for “internal analytics purposes only.” But company plans to audit its analytics tools to be “as proactive as possible” on privacy concerns.

Hours after Journal story was published, New York Gov. Andrew Cuomo directed  state’s Department of State and Department of Financial Services to “immediately investigate” what he calls a clear invasion of consumer privacy. Democrat also urged federal regulators to step in to end practice.

Securosis CEO Rich Mogull said that while it is t good for Facebook to have yet ar data privacy flap in helines, “In this case it looks like main violators were companies that wrote those applications,” he said. “Facebook in this case is more enabler than b actor.”

RE | Facebook Gets Creepy, Shows Search Results Only For Photos Of Your Female Friends, t Your Male Friends