Stardust App Shared User Health Data With Analytics Firm

TECHNOLOGY
Whalesbook Logo
AuthorRiya Kapoor|Published at:
Stardust App Shared User Health Data With Analytics Firm

The Stardust period-tracking app has been found sharing sensitive health information, including reproductive goals and symptoms, with a third-party analytics company. This practice contradicts the app's privacy marketing, raising significant concerns about data security and potential access by law enforcement.

Stardust, a popular period-tracking application that heavily markets its commitment to user privacy, has been identified sharing sensitive health information with an external analytics firm. New research conducted by Mozilla revealed that the application transmitted personal details, including birthdates, birth control methods, reproductive goals, and user-reported symptoms, to an entity called RudderStack.

Data Practices and Privacy Concerns

The investigation highlights a discrepancy between Stardust's public privacy claims and its actual technical practices. The data sent to RudderStack was reportedly linked to unique identifiers. While these identifiers are sometimes used to track app performance, regulatory bodies like the U.S. Federal Trade Commission have consistently cautioned that such data can often be traced back to individuals, meaning it is not truly anonymous.

While a spokesperson for Stardust informed media outlets that RudderStack is contractually prohibited from selling or repurposing this data, the situation raises broader questions for users of health-focused apps. Because both Stardust and its analytics provider are based in the United States, they remain subject to legal demands for user information, which can include requests from law enforcement agencies.

Historical Context of Privacy Questions

This is not the first time Stardust has faced scrutiny over its data handling. Following the 2022 U.S. Supreme Court decision regarding abortion access, the app experienced a sharp increase in popularity. During that period, Stardust marketed itself as using end-to-end encryption, claiming that the company itself could not access user data. However, subsequent technical analysis of the app's network traffic by security researchers suggested that these specific encryption claims were inaccurate.

What This Means for Users

The findings from this research underscore the risks associated with applications that collect and share health-related information with third-party service providers. For users, the primary monitorable is the transparency of an app's data-sharing policy versus its marketing claims. As health apps continue to collect granular personal data, regulators are increasingly focused on whether companies provide users with sufficient notice and control over how their information is processed by background services.

Mozilla’s research team highlighted that other alternatives exist, such as the app Euki, which is designed to keep health data stored locally on the user's device without sharing it with third parties. Investors and users alike should continue to track whether Stardust updates its technical practices or disclosures in response to these findings, as persistent privacy concerns can significantly impact user trust and the long-term viability of consumer-facing health technology platforms.

Disclaimer:This article is published for informational purposes only. While reasonable efforts are made to ensure accuracy, completeness, and timeliness, readers are encouraged to independently verify information before making any decisions based on the content. The views and information presented are subject to editorial review and may be updated without notice.