Period tracker Stardust has been found to be sharing users’ sensitive health information with a third-party analytics firm, according to research by Mozilla. The shared data includes birthdate, type of birth control and specific symptoms linked to a unique identifier.
Mozilla’s findings highlight the security and privacy risks associated with apps that share user data. Often this happens without the user being aware, as it occurs in background activities within the app. Sharing such information can lead to potential security lapses, data breaches or legal demands for users’ health information stored on company servers.
Stardust’s claim of end-to-end encryption was previously debunked by TechCrunch, showing that even supposedly secure apps may have vulnerabilities. In response, Stardust stated that RudderStack is contractually bound not to sell the data or use it for its own purposes. However, both companies can still be compelled to provide user information under legal demands.
Among six period trackers tested by Mozilla’s security researcher Shoshana Wodinsky, only Stardust was found to share users’ sensitive health data with another company. Euki, on the other hand, was recommended as a safe option due to its lack of third-party data sharing and strong privacy practices.
This revelation raises important questions about privacy in the digital age, where apps we use daily may be trading our personal information for services without our explicit consent or knowledge.







