Bangalore-based women’s period and pregnancy app Maya shared your sensitive medical and sexual information with Facebook, and with another third-party, shows research by UK-based group Privacy International. Maya essentially shared every single interaction between you and the app, starting from when you open it, to whether you have protected or unprotected sex, your period cycles, contraceptive pill use, how you’re feeling, and whether you have acne or breast tenderness — with Facebook, according to the research.
Maya was launched in 2014, and was acquired by Delhi-based women’s social network Sheroes in January 2019. It has seen 7 million downloads, has 1.2 million active users, is available in 14 languages, in 192 countries. “Facebook’s SDK for Android allows app developers to integrate their apps with Facebook’s platform and contains a number of core components: Analytics, Ads, Login, Account Kit, Share, Graph API, App Events and App Links,” said the research.
Maya also shared contraceptive pill usage data with Facebook. It also gathers intimate details about your sexual life and intimate life, requesting information such as whether you’ve had sex, and whether it was protected or unprotected. Unlike the other data, which was shared in a text format with Facebook, Maya encoded this data by qualifying protected sex as “2” and unprotected sex as “3”.
The app asks you to specify what you’re using it for. It accordingly asks how you’re feeling — stressed, sexy, sleepy, naughty, depressed, anxious, angry, forgetful. It also offers up symptoms — acne, breast tenderness, blood pressure, insomnia, weight loss/gain, among others. Maya then shared all this information with Facebook.
On collecting details of sexual intercourse, Maya told Privacy International this:
All data accessed by Maya are also essential to the proper functioning of the product. Predicting information pertaining to menstrual cycles is complex and dependent on thousands of variables
Maya also encourages users to enter their own notes and comments in a diary-like section and also in a reminders section. “As we conducted traffic analysis, we entered ‘something very sensitive entered here’ in the diary section of the app to see what would happen,” said Privacy International’s research, and found that what they wrote was shared with Facebook.
Shared data with third-party CleverTap
The research also found that Maya shared data with Wizard Rocket, a former name of a company now known as CleverTap, which described itself as “a customer retention platform that helps consumer brands maximize user lifetime value, optimize key conversion metrics, and boost retention rates.”
“We may share Your information with our sponsors, and/or business partners. Your Information could be shared so that you may receive newsletters, offers, information about new services, and other information, if applicable. The information collected from You and other users may be analysed in different manners.”
“Besides this general information, no other information is provided to users about the exact recipients with whom data might be shared, what this data could entail, and what these ‘different manners’ are. The users are not even told if this data [is] anonymised or not,” the research pointed out.
What Maya’s makers said
After Privacy International shared the report with Maya’s makers Plackal Tech, the company said it has removed both the Facebook core SDK and Analytics SDK from Maya. This latest version is live on Google Play Store and will be submitted to the Apple App Store for review by this weekend, said the company.