Page URL:

Fertility app Premom accused of sharing customer data without consent

24 August 2020
Appeared in BioNews 1061

The fertility app Premom has shared data with third-party Chinese companies without user permission, according to the International Digital Accountability Council (IDAC). 

The Android app collects health data of its users to provide advice to women trying to conceive. However, according to IDAC, its data-sharing with three companies is deceptive and may have breached data security laws.

'We believe there are material differences between what Premom states in its privacy policies and what our technical tests reveal,' claimed IDAC in a letter sent to the Federal Trade Commission and the Illinois attorney general, where the app's headquarters are based. IDAC stated that Premom shared user data with Chinese advertising companies without allowing users to opt out, as required by Google regulations.

There is currently no evidence that health data specifically has been passed on to third parties by Premom. However, the app can collect non-essential information such as user location and unique identifiers on user devices, which relay internet browsing activity and a log of app downloads. This information can then be used to personalise advertisements to the user and could potentially identify them in the event of a security breach.

Speaking to the Washington Post, president of IDAC Quentin Palfrey said: 'There's pretty extensive and sensitive data collection going on here with respect to a large number of users'. Palfrey added: 'It's particularly concerning when we see this behaviour with respect to an app that's targeted at women trying to become pregnant.'

Google Play removed Premom from its store while it investigated the allegations. The app has since been reinstated having revoked the access of one third-party company, Jiguang. The company countered in a statement that all of its methods are 'in compliance with Apple App store and Google Play store data collection rules and regulations.' It is unclear whether Premom is still sharing data with the remaining two Chinese companies identified by IDAC, Umeng and UMSNS. 

Dr Serge Egelman, computer security expert and Research Director at the Usable Security and Privacy Group at the University of Berkeley, California, commented on IDAC's findings. He told The Washington Post that 'the techniques are the ones you see with malware.' 

While security concerns have caused some users to delete the app, others are conflicted. One Premom user told the Washington Post: 'You put all your data into it for months, you're kind of stuck with it.' She explained: 'I want the data to be there for my doctor.'

A spokesperson and legal counsel for Premom, Desiree Moore, assured that the app 'prioritises the safety of its users' data above all', and is compliant with global data privacy laws.

A popular fertility app shared data without user consent, researchers say
Washington Post |  20 August 2020
Fertility app Premom reportedly shared customer data with Chinese companies
The Verge |  20 August 2020
30 November 2020 - by Michaela Chen 
One of the largest networks of fertility clinics in the United States has confirmed that it was targeted by a ransomware attack, resulting in a security breach of patient information...
10 August 2020 - by Martha Roberts 
What will happen to users' health data? Privacy advocates are concerned after Ancestry is bought by private equity group Blackstone...
22 June 2020 - by Georgia Everett 
Chinese authorities are collecting blood samples from across the country to build a genetic map of its roughly 700 million males...
15 October 2018 - by Annabel Slater 
DNA is effectively data. If we are concerned about the data stored on our phones and computers, on social media sites and government servers, should we extend our concern to our DNA? ...
to add a Comment.

By posting a comment you agree to abide by the BioNews terms and conditions

Syndicate this story - click here to enquire about using this story.