Stardust jumped to the top of the U.S. Apple App Store after the Supreme Court ruled in favor of abortion rights.
The current version of the Stardust app is giving the phone numbers of its users to a third-party company in order to identify individual users.
50 years of constitutional protections for abortion rights in the US were overturned when the decision was made to reverse Roe. The decision has led to calls for users to uninstall their period- tracking apps from their phones, fearing the data collected by these apps could be used against them to prove an abortion was obtained illegally.
Others are abandoning their current period trackers and using apps like Stardust instead, as a result of the strong statement issued by the company. Stardust said it would implement end-to-end encryption so it wouldn't be able to hand over any of your period tracking data to the government, which helped to draw in hundreds of thousands of downloads over this weekend.
The network traffic analysis was done to understand what was happening in and out of the app. Stardust will share the user's phone number with a third-party service if they use their phone number to log into the app.
App developers use Mixpanel to track their app's usage and help identify errors or other ways to improve the app. Tracking how someone uses the app and sending the data back to the server is what it does. Stardust gave Mixpanel information about the phone that the app was installed on, the model and software version of the phone, and which cell carrier the phone was connected to.
Health data was not shared with Mixpanel during the network traffic analysis. Sharing a phone number that is tied to a specific user of a period- tracking app with a third party, like Mixpanel, could allow prosecutors to force the company to turn over that data even if Stardust claims that it can't.
According to Rachel Moranis, the current version of Stardust uses several data collection mechanisms that have been disabled or removed in the new version. In addition to not sending personally identifiable information to Mixpanel, we have disabled the ability of our users to be tracked.
Stardust is working on a way to allow users to sign in without being seen.
Stardust's privacy policy shows the app isn't as protected as it claims. The app gathers a lot of data about users, including through cookies and other technologies. If it must comply with or respond to law enforcement or a legal process or a request for cooperation, it may be able to reveal de-personalized data with some providers.
The part of the policy that insists that the company will never share users' ages or any data related to their health with any third parties, seems to have been broken by this.
Tech companies are bracing for a new regime under which they could face legal orders forcing the turnover of user data to state authorities. Some of the biggest tech companies haven't said how they would handle requests for data about people seeking or providing abortions. A rush to find apps and services that use end-to-end encryption has contributed to it.
According to data from app intelligence firm Sensor Tower, Stardust had 135,000 new installs on June 24th, a 4,400% increase over the previous day. The app hit the top spot on the U.S. App Store on June 25th. Stardust had more than 400,000 installs over the course of its lifetime.
The app's creators were asked how end-to-end encryption is implemented. According to Stardust founder Moranis, all traffic to our server is through standard sds and subsequent data storage on RDS using their built in sds and sds It is not clear if this implementation of end-to-end encryption would be considered a true end-to-end encryption.
A single coding flaw could undermine the protections of the users' data, which is why end-to-end encryption is often a time and resource intensive effort. It is not uncommon for companies that use end-to-end encryption to publish papers and technical notes explaining how their systems work in order to show that their systems are secure.
Moranis said that the company intends to publish its implementation along with a third-party audit once it is complete, but did not give a time frame. The results of the audit will be followed by techcrunch.
The company quietly changed its privacy policy again after we heard about Stardust.
The period tracking app industry was already found to have engaged in leaky data-sharing practices with third-party tracking and analytic firms. Flo had to pay a fine to the U.S. Federal Trade Commission for violating its own privacy policy. An investigation by The Wall St. Journal found that the app had lied about sharing non-personally identifiable information.
The Glow app had to settle with the state of California because it exposed women's medical information.
Consumer Reports said in May that a lot of apps still use third-party trackers and don't store consumers' data locally where it can't be shared or sold.
Period tracking apps don't have to comply with the Health Insurance Portability and Accountability Act.
Many period trackers released statements to make sure their data is safe with the threat of losing their entire user bases. Flo said that it will do everything in its power to protect users' data and privacy. The newAnonymous Mode feature will remove users personal identities from their Flo accounts.
Supreme Court overturns Roe v. Wade: Should you delete your period-tracking app?