Researchers say Premom shared data without user consent

IDAC claims Premom shared user data with Chinese advertising companies without user permission

Popular fertility app Premom has been found sharing data without user consent, according to the International Digital Accountability Council (IDAC).

To receive personalized analysis to help them conceive, Premom users are asked to upload details about their sexual health. The IDAC claims Premom’s Android app also collected vast amounts of user data and shared it with three Chinese advertising companies without permission. 

In a letter sent to the Federal Trade Commission (FTC) and the attorney general of Illinois, where Premom is headquartered, the IDAC alleges the data sharing was deceptive and potentially in violation of federal and state law.

Though many apps use third parties to collect data, IDAC researchers claim Premom users were unable to opt out of data sharing. IDAC claims is a violation of Google’s rules.

IDAC researchers found Premom collects each user’s location, persistent identifiers and lists of all the other apps installed on their device. It also tracks and shares IP and media access control addresses with all three Chinese companies. 

“Premom has not been forthcoming with their third-party data sharing practices. Users are not aware that their sensitive information has been shared with untrustworthy third-parties. Sharing precise geolocation data and non-resettable hardware identifiers with third-parties is not required for Premom to provide the services it advertises to users,” the letter reads.

Quentin Palfrey, the president of the IDAC, explained in an interview with The Washington Post, “There’s pretty extensive and sensitive data collection going on here with respect to a large number of users who don’t have any reason to know about this data collection.”

Palfrey added though there’s no evidence Premom is transmitting users’ health data to third parties, “It’s particularly concerning when we see this behavior with respect to an app that’s targeted at women trying to become pregnant.”

In response to the IDAC’s findings, Premom said it would stop sharing data with Jiguang, one of the Chinese companies identified by researchers, and revoked its access to the app.

IDAC researchers say Premom was sharing similar data with Umeng and UMSNS, two other Chinese companies. Premom claims it “does not currently use” either company. 

The app was temporarily removed from the Google Play Store on Aug. 6 but was back online the next day. A Google spokesperson explained the app violated its policies but didn’t elaborate on whether Premom made any changes before returning to the Google Play Store. Premom also claims the removal was unrelated to the IDAC’s allegations.

“We hope that Premom has — or will — take immediate steps to address all the concerns IDAC raised in its letters,” Palfrey stated. 

“Additionally, we hope that the FTC and the Illinois AG will look into our findings to determine if any further steps are necessary to prevent future misconduct, or to protect or compensate users who may have been harmed by Premom’s actions to date.”

In speaking with Premom users, The Washington Post found that while many were surprised by IDAC’s findings, not all Premom users are ready to delete the app. “You put all your data into it for months, you’re kind of stuck with it,” said Rachel, a Premom user. “I want that data to be there for my doctor.”

The FTC has yet to comment on IDAC’s findings. Meanwhile, the Illinois Attorney General’s office said it’s currently reviewing IDAC’s letter.

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Establishing a strong foundation for DataOps
Whitepaper

Establishing a strong foundation for DataOps

6 Jan 2022
Network virtualisation for dummies
Whitepaper

Network virtualisation for dummies

3 Dec 2021
Content syndication isn't dead, but your data processes might be
Whitepaper

Content syndication isn't dead, but your data processes might be

18 Nov 2021
Why faster refresh cycles and modern infrastructure management are critical to business success
Whitepaper

Why faster refresh cycles and modern infrastructure management are critical to business success

11 Nov 2021

Most Popular

Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
How to speed up Windows 11
Microsoft Windows

How to speed up Windows 11

7 Jan 2022