Per the author on Twitter (https://twitter.com/samschech/status/1098981978462961670):

> A few seconds after the app finished measuring my pulse, I saw it pop up in the network traffic headed to Facebook: \"heartrate\":56,\"

What Facebook endpoint lets the app developer accept arbitrary customer data? What does Facebook do with that data? Do they tie it to the user?

It's an analytics feature like those offered by Google and a dozen other analytics SDKs:



Which, in my opinion, means that the blame should really go to the app developers of these apps.

Who are those people that think it is a good idea to send your medical details (the article also mentions "Flo Period & Ovulation Tracker", which apparently sends whether you may be ovulating to Facebook) to a third-party, let alone Facebook?

(Actually, at least for Android apps there is an answer to who these people are... and there are quite a lot of them: https://reports.exodus-privacy.eu.org/en/trackers/66/)

If this list is really a list of companies sending personal data to FB, then this is rather appalling!

It's increasingly obvious that iOS and Android need to restrict network connectivity of apps because it's being seriously abused.

Unfortunately this problem is escalating because too few people give a damn about their own privacy, drowning out the voices who do care, deeply, about this issue.

A proper user-configurable firewall is the obvious answer, but perhaps also adding limits that an app can only phone home to the domain that the app was signed with.

I feel that both Apple and Google are deliberately perpetuating this problem for financial gain, and should be held accountable as well.

Facebook analytics?

Why don't they analyze the data themselves instead of sending such personal information to Facebook?!

If they don't have the available resources/capabilities to build or self host an analytics platform, do they really need that data analyzed?

Have their users explicitly allowed them to send such data to Facebook? Why not use a company that has a better record in respecting people's privacy? No wonder why things like GDPR exist!

While I agree this is not a good thing, you could say the same thing about the 100s of millions of sites and apps that use Google Analytics.

True, but this is extremely personal information. Google has information on whether or not you are searching for information on breast cancer treatments. Combine with some health/fitness analytics and they can probably deduce whether or not you have breast cancer, and not a family member.

