Mozilla Flags Stardust for Sharing Sensitive Health Data
3 min read
A new privacy investigation by Mozilla has raised concerns about the popular period-tracking app Stardust, alleging that it shares users’ sensitive health information with a third-party analytics provider despite promoting strong privacy protections.
On its website, Stardust states, “Your data is private. Period.” However, Mozilla’s latest research suggests that some user information is being transmitted to analytics company RudderStack, prompting fresh questions about data privacy in health-tracking apps.
Research Reveals Health Data Sharing
According to Mozilla’s findings, Stardust shared several types of sensitive information with RudderStack. The data reportedly included a user’s birthdate, birth control method, reproductive goals, and specific symptoms they recorded within the app.
Rather than using a person’s name, the information was linked to a unique identifier. However, the U.S. Federal Trade Commission (FTC) has previously warned that replacing names with identifiers does not make personal data truly anonymous and may still allow individuals to be identified.
The report highlights the growing privacy concerns surrounding period trackers and other health applications that collect highly personal information.
Hidden Data Transfers Raise Privacy Concerns
Mozilla noted that many apps communicate with third-party services in the background, making these data transfers largely invisible to users.
While developers commonly rely on outside companies for services such as analytics, cloud storage, and payment processing, sharing sensitive health information with external providers carries inherent risks. These include possible security breaches, unauthorized access, or legal requests from law enforcement seeking user information.
The research serves as another reminder that users should carefully review how health apps handle personal data before sharing sensitive information.
Privacy Claims Face Fresh Scrutiny
This is not the first time Stardust has faced questions about its privacy practices.
The app gained widespread popularity in 2022 after the U.S. Supreme Court overturned the constitutional right to seek an abortion, leading many people to look for privacy-focused period tracking apps.
At the time, Stardust claimed that its platform was protected with end-to-end encryption, meaning even the company itself could not access user data. However, TechCrunch previously analyzed the app’s network traffic and reported that the company’s encryption claims were inaccurate.
Mozilla security researcher Shoshana Wodinsky used a similar network traffic analysis to examine six popular period-tracking apps and determine how they handled user information.
Stardust Was the Only App Sharing Health Data
Among the six apps tested during Mozilla’s investigation, Stardust was the only application found to be transmitting users’ sensitive reproductive health data to another company.
According to comments quoted by BBC News, a Stardust spokesperson said RudderStack is “contractually prohibited from selling or using it for its own purposes.”
However, Mozilla pointed out that because both Stardust and RudderStack are U.S.-based companies, they may still be required to provide stored user information if requested by law enforcement.
Company Declines Further Comment
TechCrunch reported that Stardust founder Rachel Moranis did not respond to requests for comment regarding Mozilla’s findings or questions about whether the company has ever received requests from law enforcement seeking user data.
Although a company spokesperson confirmed receiving the inquiry, no additional statement was provided.
Mozilla Recommends an Alternative
Mozilla’s research also identified one app that stood out for its privacy protections.
Among the six period-tracking apps examined, Euki received Mozilla’s strongest recommendation and was described as “squeaky clean.” Researchers found no evidence that Euki shared user data with third parties while using its core features. The report also noted that users’ health information remained stored locally on their own devices instead of being transmitted to external servers.
As concerns around digital privacy continue to grow, Mozilla’s findings highlight the importance of understanding how health apps collect, store, and share personal information. For users relying on period trackers, transparency and strong privacy protections remain key factors when choosing an app.
Also read : India Unveils Billion-Dollar Plan to Boost Smartphone Manufacturing
