Monthly Tracking App Stardust: Is your data really safe?


The monthly tracking app Stardust claims that all its data is completely encrypted, but does this mean that users’ personal information is really safe with the app? Stardust is an astrology—based menstrual cycle tracking app that debuted on the Apple App Store last year. It became the most downloaded iPhone app in late June after the U.S. Supreme Court ruled in Roe v. Wade, overturning the constitutional right to abortion and immediately declaring abortion illegal in more than a dozen states.

After the fall of Roe v. Wade, many people are wondering if their monthly tracking data can be used against them in court if they seek an abortion in states where it is now prohibited. Concerned about their privacy, a lot of women on social media say they are either deleting monthly tracking apps from their phones or seriously considering doing so. It was here that Stardust attracted the attention of many users with its promise of end-to-end encryption and rose to the top of the list of downloads in the App Store.

Related: Why Sleep Tracking in watchOS 9 will Make Other Apps Unnecessary

In a press release at the end of June, Stardust stated that from June 29 it will implement end-to-end encryption, so it will not be able to transfer users’ personal data to the government, even if it is asked to do so. In an Instagram video, Stardust founder and CEO Rachel Moranis also stated that the company spent more than a month developing end-to-end encryption for the app. Perhaps this was done in anticipation of the verdict of the Supreme Court after the publication of a leaked draft court decision in the case of Dobbs v. Jackson Women’s Health Organization.

Stardust’s Controversial Privacy Policy

Despite Stardust’s claims about user privacy, TechCrunch found that the current version of the app transmits users’ phone numbers to a third-party analytics company. The disclosure raised concerns that the data could be used to positively identify users, which could create privacy concerns and legal problems for those seeking abortion help in some states. The report also claims that Stardust removed all mentions of end-to-end encryption from its privacy policy after the publication contacted the company for more information on this issue.

Even more worryingly, Vic’s Motherboard report claims that the original privacy policy stated that Stardust would comply with law enforcement requests for user data “regardless of whether it is required by law.” However, as soon as Motherboard became interested in politics, the company deleted this phrase and stated that it would cooperate with law enforcement agencies only “when required by law.” However, the policy still states that Stardust may, under certain circumstances, transfer anonymous user data to third parties. Users will have to wait and see if its policy is updated after end-to-end encryption takes effect on June 29.