> A few seconds after the app finished measuring my pulse, I saw it pop up in the network traffic headed to Facebook: \"heartrate\":56,\"
What Facebook endpoint lets the app developer accept arbitrary customer data? What does Facebook do with that data? Do they tie it to the user?
Who are those people that think it is a good idea to send your medical details (the article also mentions "Flo Period & Ovulation Tracker", which apparently sends whether you may be ovulating to Facebook) to a third-party, let alone Facebook?
(Actually, at least for Android apps there is a answer to who these people are... and there are quite a lot of them: https://reports.exodus-privacy.eu.org/en/trackers/66/)
It's increasingly obvious that iOS and Android need to restrict network connectivity of apps because it's being seriously abused.
Unfortunately this problem is escalating because too few people give a damn about their own privacy, drowning out the voices who do care, deeply, about this issue.
A proper user configurable firewall is the obvious answer, but perhaps also adding limits that an app can only phone home to the domain that the app was signed with.
I feel that both Apple and Google are deliberately perpetuating this problem for financial gain, and should be held accountable as well.
If they don't have the available resources/capabilities to build or self host an analytics platform, do they really need that data analyzed?
Have their users explicitly allowed them to send such data to Facebook? Why not use a company that has a better record in respecting peoples' privacy. No wonder why things like GDPR exist!