New: Period tracker Stardust rocketed to the top of Apple's app store over the weekend after Roe v. Wade was overturned. But the app shares the phone number of users (who give it when signing up) to a third-party analytics firm Mixpanel. w/ @sarahintampa
Stardust's new app came out today with its new encryption feature (it's a sign-in option, sign in by email and phone number still exists). I ran Stardust's new app through Burp and used the new data encryption option, and saw the encryption key sent back to Stardust via its API. https://t.co/NIlPDf99Vy
I'm not clear on why Stardust implemented this feature this way, or even what it's trying to achieve. But the fact that the encryption key is even sent — and presumably stored somewhere — means whatever data it is ostensibly protecting can be obtained using that key.