When you use an app to monitor your heartrate, track your period, or store any other private medical data, Facebook may be listening in.
That’s the result of a new Wall Street Journal investigation that revealed how Facebook collects data from 11 popular health data apps like Flo and Breethe — whether or not users signed into Facebook through the apps or even have a Facebook account at all.
When someone adds information to the apps, they send what’s called an “App Event” to Facebook in the form of a transmission that describes the device, location, and personal data ranging from “body weight, blood pressure, menstrual cycles or pregnancy status,” according to the WSJ. Usually, according to the investigation, Facebook is able to match that data with that person’s Facebook account.
The information can be added to Facebook’s profile of information on a given user that allows it to target people with specific advertisements.
Neither Apple nor Google require apps sold through their stores to tell people exactly what data it will collect or with whom they share it, the WSJ reports.
And while Facebook has repeatedly insisted that it values user privacy and that it urges apps not to share intimate medical information, the proof is in the pudding. For now, it may be reasonable to assume that nothing on an app is ever truly private.
READ MORE: You Give Apps Sensitive Personal Information. Then They Tell Facebook. [The Wall Street Journal]
More on Facebook: Facebook Reportedly Let Marketers Advertise to Nazis