
arxiv: 2606.26276 · v2 · pith:F2UAOOECnew · submitted 2026-06-24 · 💻 cs.CR

Expecting (Targeted Ads)? Network Analysis of User Health Data Leakage in Fertility Tracking Apps

Pith reviewed 2026-06-29 04:36 UTC · model grok-4.3

classification 💻 cs.CR
keywords: fertility tracking apps, data leakage, network measurement, targeted advertising, health data privacy, Android apps, menstrual data

The pith

Five fertility tracking apps send users' menstrual and pregnancy data to advertising services.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper performs a network measurement on 20 Android fertility apps to check how user health data flows to third parties during normal use. It records traffic from standardized interactions and finds explicit health data leaks plus targeted ad URLs in five apps. Other apps monetize with ads yet show no such leaks, and a few interact with ad services only minimally. This supplies concrete technical evidence that privacy outcomes depend on which app a user picks. The results matter because fertility data is highly sensitive and users often have little visibility into these flows.

Core claim

After systematizing features across the 20 apps, the study records TLS-stripped network traffic during controlled user interactions and identifies explicit leakage of user health data together with implicit leakage via highly targeted contextual advertising URLs in a subset of five apps.

What carries the argument

Network traffic recording of TLS-stripped requests generated by standardized user interactions across the fertility apps.
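
One way to check decrypted ad-service requests for values entered during a scripted session, as an added example that is not code from the paper or from this page. The seeded values, host suffixes and URLs are constructed, and the matching rules (plain, base64, SHA-256, nested URL-encoding) are an assumption that goes beyond what the page states about the study's classification rules.

```python
import base64
import hashlib
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed: values typed into the app in one scripted session.
SEEDED = {"pregnancy_week": "week 23", "last_period": "2026-05-14"}
AD_SUFFIXES = ("ads.example.test", "adserver.example.net")  # constructed ad hosts

def wire_forms(value):
    """Forms a seeded value can take on the wire: plain, base64, a common hash."""
    raw = value.encode()
    return {
        "plain": value.lower(),
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }

def layers(text, depth=3):
    """Yield text plus its repeatedly URL-decoded forms (nested key-value blobs)."""
    for _ in range(depth):
        yield text
        decoded = unquote_plus(text)
        if decoded == text:
            return
        text = decoded

def find_leaks(urls):
    """Return (host, param, seeded_field, encoding) for seeded values sent to ad hosts."""
    hits = []
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not any(host == s or host.endswith("." + s) for s in AD_SUFFIXES):
            continue  # first-party and non-ad traffic is out of scope here
        for param, value in parse_qsl(parts.query, keep_blank_values=True):
            for field, seed in SEEDED.items():
                for enc, needle in wire_forms(seed).items():
                    # base64 is case-sensitive; plain text and hex digests are not
                    if any(needle in (v if enc == "base64" else v.lower())
                           for v in layers(value)):
                        hits.append((host, param, field, enc))
    return hits

# Constructed decrypted request URLs (not taken from the paper's captures).
SAMPLE_URLS = [
    "https://pubads.ads.example.test/ad?sz=320x50&kv=stage%3Dweek%2B23%26lang%3Den",
    "https://adserver.example.net/bid?u=" + hashlib.sha256(b"2026-05-14").hexdigest(),
    "https://api.tracker.example.org/sync?last_period=2026-05-14",
]
```

The first sample only matches after a second round of URL-decoding, which is why each parameter value is checked at every decoding layer.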

If this is right

  • Some apps achieve ad-based revenue without transmitting identifiable health data.
  • Privacy differences between apps are observable through network analysis rather than self-reported policies.
  • Users can avoid certain data flows by selecting apps that show minimal ad-network contact.
  • Technical measurements can confirm or refute user worries about fertility-app data handling.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar network checks could reveal whether leakage patterns appear in other categories of health or period-tracking software.
  • App stores might surface data-sharing summaries derived from traffic analysis to help users compare options.
  • Developers of ad-supported health apps could adopt the minimal-interaction patterns observed in the non-leaking examples.

Load-bearing premise

The lab setup with fixed user actions and stripped network captures fully represents the data sharing that occurs in everyday use.

What would settle it

Real-user sessions on the same apps in which no menstrual or pregnancy details appear in requests sent to known ad domains.

Figures

Figures reproduced from arXiv: 2606.26276 by Adam Bates, Brad Reaves, Camille Cobb, Mahnoor Jameel, Shahanaasree Sivakumar, Yeeun Jo.

Figure 1: Number of occurrences of each advertising

Figure 2: Number of HTTP Requests by interaction session to different advertising network service types.

  Endpoint Role            Requests   Perc.
  Configuration                 234      3%
  Conversion Tracking           146      2%
  Cookie Synchronization         60      1%
  Event Tracking                257      3%
  Get Ad                      5,032     64%
  Impression Tracking         1,022     13%
  Static Content                979     13%
  Unclear                        99      1%

Figure 4: Number of HTTP Requests per App and Inter

Figure 5: In BabyCenter, the getAdsUserStage function in com.babycenter.pregbaby.api.model.ChildViewModel populates the csw and us custom parameters.

  Adjacent paper text: for brevity and because they are largely self-evident given their correlation with specific interaction sessions. A.1 BabyCenter The getAdsUserStage found in com.babycenter.pregbaby.api.model.ChildViewModel is responsible for populating the csw and us. As the APK retained…

Figure 6: In What to Expect, numerous functions in app/src/main/java/com/whattoexpect/ad/AdManager support the construction of query parameters that leak user health data.

  Adjacent paper text: Expect. Once again, the combination of string literals and function names provides strong evidence that these values are being constructed based on dynamic user inputs. Notably absent from the AdManager code is explicit logic for constructing c…
Original abstract

While human factors in the privacy of fertility tracking apps -- health trackers that record users' menstrual or pregnancy data -- have been the subject of extensive study, little attention has been paid to the technical aspects of apps' data handling practices. We conduct a network-based measurement study of a corpus of 20 Android fertility tracking apps from the Google Play Store, focusing on how user data is shared with third party advertising services. After systematizing app features, we conduct a series of standardized user interactions across all apps in an environment that records TLS-stripped network traffic. In a subset of apps (n=5) we identify explicit leakage of user health data as well as implicit leakage through highly targeted contextual advertising URLs. Equally importantly, we observe additional apps that use an ad-based monetization model without apparent leakage of user data, as well as several apps the interact only minimally with ad services. These findings provide technical grounding for widespread user concerns, but also underscore the importance of consumer choice in the privacy implications of app-based fertility tracking.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The manuscript reports a network measurement study of 20 Android fertility tracking apps from the Google Play Store. After systematizing features, the authors perform standardized user interactions in a controlled TLS-stripped traffic environment and identify explicit leakage of user health data plus implicit leakage via targeted contextual advertising URLs in a subset of 5 apps. They also report additional apps that monetize via ads without apparent leakage and several with minimal ad-service interaction, providing technical grounding for privacy concerns while emphasizing consumer choice.

Significance. If the measurements hold, the work supplies direct empirical observations of data flows to third-party ad services in a sensitive health domain. It credits the direct network recording approach and the balanced finding that ad-based monetization does not uniformly imply leakage. The study adds concrete technical evidence to the literature on mobile privacy, though its impact depends on the completeness and reproducibility of the interaction model.

major comments (2)
  1. [Abstract / Methodology] Abstract and Methodology section: the headline claim of explicit leakage in n=5 apps (and absence in others) rests on traffic observed during standardized interactions, yet the manuscript supplies no details on app selection criteria, exact interaction scripts, traffic classification rules, or verification steps. Without these elements the support for the central claim cannot be evaluated.
  2. [Results] Results section: the observations of both leakage and 'no apparent leakage' are sensitive to the coverage of the interaction model. The manuscript does not enumerate or justify how the fixed set of standardized interactions addresses potential conditional paths (cumulative usage history, specific health-event sequences, device state, or ad-network callbacks after prolonged sessions), which directly affects the reliability of the positive and negative findings.
minor comments (1)
  1. [Abstract] Abstract: 'the interact only minimally' appears to be a typographical error and should read 'that interact only minimally'.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive comments, which identify key areas where additional detail and discussion will strengthen the manuscript. We address each major comment below.

  1. Referee: [Abstract / Methodology] Abstract and Methodology section: the headline claim of explicit leakage in n=5 apps (and absence in others) rests on traffic observed during standardized interactions, yet the manuscript supplies no details on app selection criteria, exact interaction scripts, traffic classification rules, or verification steps. Without these elements the support for the central claim cannot be evaluated.

    Authors: We agree that the manuscript currently lacks these methodological details, which are essential for evaluating and reproducing the central claims. In the revised version we will expand the Methodology section to specify the app selection criteria (top apps by downloads and ratings with feature diversity), provide the exact standardized interaction scripts, detail the traffic classification rules used to identify explicit health data leakage versus targeted ad URLs, and describe the verification steps performed. This will directly support the claims with transparent evidence. revision: yes

  2. Referee: [Results] Results section: the observations of both leakage and 'no apparent leakage' are sensitive to the coverage of the interaction model. The manuscript does not enumerate or justify how the fixed set of standardized interactions addresses potential conditional paths (cumulative usage history, specific health-event sequences, device state, or ad-network callbacks after prolonged sessions), which directly affects the reliability of the positive and negative findings.

    Authors: We acknowledge that the reliability of both positive and negative findings is sensitive to interaction coverage and that the manuscript does not explicitly address conditional paths. We will revise the Results section to enumerate the performed interactions, justify their basis in the systematized feature analysis for typical first-use scenarios, and add a limitations discussion that notes the absence of prolonged-session or history-dependent testing while outlining implications for the reported leakage and non-leakage observations. revision: partial

Circularity Check

0 steps flagged

No circularity: direct empirical network measurement with no derivations or self-referential fits


The paper is a measurement study that records TLS-stripped network traffic from standardized user interactions in 20 fertility apps and reports observed data flows to third-party services. No equations, parameters, or derivations are present. Claims rest on direct observation of external network behavior rather than any reduction to fitted inputs or self-citation chains. The method's coverage limitations (raised by the skeptic) concern experimental completeness, not circularity in a derivation chain.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Empirical measurement study; contains no mathematical model, free parameters, axioms, or invented entities.

pith-pipeline@v0.9.1-grok · 5729 in / 1053 out tokens · 35811 ms · 2026-06-29T04:36:21.025712+00:00 · methodology


A Explicit Data Leakage Source Code Verification

To verify that suspicious query parameters explicitly leaked user health data, we conducted manual review of decompiled app source code. Foreknowledge of the specific (sub)strings of interest...