Instant Heart Rate: HR Monitor & Pulse Checker
We retested this app on 19.02.2019. The app still exhibits the behaviour documented below.
Disclaimer: Additionally the tested app may still share data with other third parties. This is outside the scope of this work.
From the Google Play Store page:
"Measure accurately your pulse and heart beat zone with your heart rate & health monitor after sleeping or during workouts & training. Instant Heart Rate doesn't require heart rate straps. Monitor blood circulation with accurate heart health monitor (similar to ECG or EKG). Functions similarly to pulse oximeters, detecting change in your finger to provide accurate heart beat measurements."
This documentation demonstrates actions taken by the test user and the app's subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.com/v3.1/237733683041508?fields=supports_implicit_sdk_logging%2Cgdpv4_nux_content%2Cgdpv4_nux_enabled%2Cgdpv4_chrome_custom_tabs_enabled%2Candroid_dialog_configs%2Candroid_sdk_error_categories%2Capp_events_session_timeout%2Capp_events_feature_bitmask%2Cauto_event_mapping_android%2Cseamless_login%2Csmart_login_bookmark_icon_url%2Csmart_login_menu_icon_url&format=json&sdk=android HTTP/1.1
The app receives the following response from graph.facebook.com:
{
  "supports_implicit_sdk_logging": true,
  "gdpv4_nux_enabled": false,
  "gdpv4_chrome_custom_tabs_enabled": true,
  "android_sdk_error_categories": [
    {
      "name": "login_recoverable",
      "items": [
        {"code": 102},
        {"code": 190}
      ],
      "recovery_message": "Please log in to this app again to reconnect your Facebook account."
    }
  ],
  "app_events_session_timeout": 60,
  "app_events_feature_bitmask": 5,
  "seamless_login": 1,
  "smart_login_bookmark_icon_url": "https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yh\/r\/HyQ4Fq_iGUX.png",
  "smart_login_menu_icon_url": "https:\/\/static.xx.fbcdn.net\/rsrc.php\/v3\/yR\/r\/xi3BPJ134MF.png",
  "id": "237733683041508"
}
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"fb_sdk_initialize","_eventName_md5":"d470d22f237aee69843355edba5a8178","_logTime":1543680743,"_ui":"unknown","_implicitlyLogged":"1","core_lib_included":"1","login_lib_included":"1","billing_service_lib_included":"1"},{"_eventName":"fb_mobile_activate_app","_eventName_md5":"cb7f3b6cd294afce05ece615d43ea7b9","_logTime":1543680743,"_ui":"MainActivity","_session_id":"28ec4561-0ac8-4e36-9fb0-dda10323922d","fb_mobile_launch_source":"Unclassified()"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Without any further user action, the app sends the following request to graph.facebook.com
format: json
sdk: android
event: MOBILE_APP_INSTALL
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"AA_storekitmanager-purchase-restore","_eventName_md5":"6f2903470b255a5fbbffe8adce5e8f05","_logTime":1543680746,"_ui":"MainActivity","_session_id":"28ec4561-0ac8-4e36-9fb0-dda10323922d"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Response from app: The app displays a screen instructing the user to place their finger on the phone's camera, with a button saying "Get Started"
Test user action 2: The user selects "Get Started"
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"Aazbvariant - onboarding-age-gender-skip","_eventName_md5":"030218019fa48fedf81d2d7f122be023","_logTime":1543680861,"_ui":"DOBSetUpActivity","_session_id":"28ec4561-0ac8-4e36-9fb0-dda10323922d","variant":"#AllSkip"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Response from app: The app asks the user to input their birthday
Test user action 3: The user inputs 01/01/1970
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"AA_Onboarding - Birthday","_eventName_md5":"6b105b899f070d2bb11760bdc5eeddf7","_logTime":1543680922,"_ui":"DOBSetUpActivity","_session_id":"28ec4561-0ac8-4e36-9fb0-dda10323922d","Return":"1"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Response from app: The app asks the user to input their Gender
Test user action 4: The user selects Male
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"AA_Onboarding - Gender","_eventName_md5":"cc1dce15a92309f2ce2ec1db9f5bd4c6","_logTime":1543680952,"_ui":"GenderSetUpActivity","_session_id":"28ec4561-0ac8-4e36-9fb0-dda10323922d","Gender":"Male"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
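The following added example, which is not part of the original test documentation, parses the form data of the Gender request above as it is listed on this page and separates the persistent identifiers, the device details and the parameters set by the app itself. The function names, the rule for recognising SDK-generated keys and the `extinfo` positions are assumptions inferred from the values shown in these captures.

```python
import json

# Subset of the "AA_Onboarding - Gender" form data, copied from the capture on this page.
CAPTURE = r"""
format: json
sdk: android
custom_events_file: [{"_eventName":"AA_Onboarding - Gender","_eventName_md5":"cc1dce15a92309f2ce2ec1db9f5bd4c6","_logTime":1543680952,"_ui":"GenderSetUpActivity","_session_id":"28ec4561-0ac8-4e36-9fb0-dda10323922d","Gender":"Male"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
"""

# Assumption: these flags, seen in the fb_sdk_initialize event, are set by the SDK.
SDK_KEYS = {"core_lib_included", "login_lib_included", "billing_service_lib_included"}
ID_FIELDS = ("advertiser_id", "anon_id")
# Assumption: positions inferred from the values in the captures, not from SDK documentation.
EXTINFO_POS = {"os_version": 4, "device_model": 5, "locale": 6, "timezone": 15}

def parse_capture(text):
    """Turn a 'key: value' listing into a dict, splitting each line at the first ': '."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(text):
    """Report the identifiers, device details and app-defined parameters in one request."""
    form = parse_capture(text)
    extinfo = json.loads(form.get("extinfo", "[]"))
    events = []
    for ev in json.loads(form.get("custom_events_file", "[]")):
        # Heuristic (assumption): keys starting "_" or "fb_" come from the SDK,
        # everything else was attached to the event by the app.
        app_params = {k: v for k, v in ev.items()
                      if not k.startswith(("_", "fb_")) and k not in SDK_KEYS}
        events.append({"name": ev.get("_eventName"), "screen": ev.get("_ui"),
                       "app_params": app_params})
    return {
        "event": form.get("event"),
        "identifiers": {k: form[k] for k in ID_FIELDS if k in form},
        "device": {n: extinfo[i] for n, i in EXTINFO_POS.items() if i < len(extinfo)},
        "events": events,
    }

if __name__ == "__main__":
    print(json.dumps(audit(CAPTURE), indent=2))
```

Run over each capture on this page, the same function shows that every request carries the same `advertiser_id` and `anon_id`, so the app-defined parameters can be linked across events.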
Response from app: The app states setup is complete and displays a button labeled "next"
Test user action 6: The user selects next
Response from app: A screen is displayed with take measurement (Titled "Take your first measurement")
Test user action 7: The user selects take measurement
Response from app: The app prompts the user to allow access to the camera
Test user action 8: The user allows this access
Test user action 9: The user places their finger on the camera, and the app begins taking a measurement.
Response from app: The app crashes
Test user action 10: The user restarts the app
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"fb_sdk_initialize","_eventName_md5":"d470d22f237aee69843355edba5a8178","_logTime":1543681471,"_ui":"unknown","_implicitlyLogged":"1","core_lib_included":"1","login_lib_included":"1","billing_service_lib_included":"1"},{"_eventName":"fb_mobile_deactivate_app","_eventName_md5":"92255b491a4e25b5d809edcf3665affe","_logTime":"1543681041","_ui":"GenderSetUpActivity","_valueToSum":297,"fb_mobile_time_between_sessions":"session_quanta_1","fb_mobile_launch_source":"Unclassified()","fb_mobile_app_interruptions":"2"},{"_eventName":"fb_mobile_activate_app","_eventName_md5":"cb7f3b6cd294afce05ece615d43ea7b9","_logTime":1543681471,"_ui":"GenderSetUpActivity","_session_id":"d4356cfd-f11d-4b80-906a-17cb1014105e","fb_mobile_launch_source":"Unclassified()"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Response from app: The app asks the user to input their Gender
Test user action 11: The user selects Male
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"AA_Onboarding - Gender","_eventName_md5":"cc1dce15a92309f2ce2ec1db9f5bd4c6","_logTime":1543680952,"_ui":"GenderSetUpActivity","_session_id":"28ec4561-0ac8-4e36-9fb0-dda10323922d","Gender":"Male"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Response from app: A screen is displayed with take measurement (Titled "Take your first measurement")
Test user action 12: The user selects take measurement
Test user action 13: The user places their finger on the camera, and the app begins taking a measurement.
Response from app: The app takes a measurement of 54BPM (beats per minute)
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"Aazbvariant - premium-url","_eventName_md5":"83b5c8a68077592e93547c1fbe832cf6","_logTime":1543681550,"_ui":"unknown","_session_id":"d4356cfd-f11d-4b80-906a-17cb1014105e","variant":"#comparison"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Test user action 14: The user selects Next
Response from app: The app asks the user to sign up/log in, with an option "Remind me later"
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"Aazbvariant - healthline_articles","_eventName_md5":"0feb885a2e26a6f250007ef46b5484cb","_logTime":1543681608,"_ui":"unknown","_session_id":"d4356cfd-f11d-4b80-906a-17cb1014105e","variant":"#Off"},{"_eventName":"Aazbvariant - healthline_articles","_eventName_md5":"0feb885a2e26a6f250007ef46b5484cb","_logTime":1543681611,"_ui":"unknown","_session_id":"d4356cfd-f11d-4b80-906a-17cb1014105e","variant":"#Off"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Test user action 15: The user selects "Remind me later"
Response from app: The app asks the user to open a new subscription
Without any further user action, the app sends the following request to graph.facebook.com
Form data:
format: json
sdk: android
custom_events_file: [{"_eventName":"Starter Kit v2 - Start Free","_eventName_md5":"087afb3b1f150f6d50aa3225e82ae563","_logTime":1543681722,"_ui":"UpgradeStarterKitActivity","_session_id":"d4356cfd-f11d-4b80-906a-17cb1014105e"}]
event: CUSTOM_APP_EVENTS
advertiser_id: 474364c6-e9cf-4971-8dd2-b1dc3c605450
advertiser_tracking_enabled: true
installer_package: com.android.vending
anon_id: XZ8dc0bb83-e82b-4daf-a987-34b49806416f
application_tracking_enabled: true
extinfo: ["a2","si.modula.android.instantheartrate",5052,"5.36.5052","8.1.0","Nexus 5","en_GB","GMT","",1080,1776,"3.00",4,13,8,"Europe\/London"]
application_package_name: si.modula.android.instantheartrate
With the response:
{
"success":true
}
Test user action 16: The user closes the application
Response from app: No further data is sent or received by the app from graph.facebook.com
Note 1: In the videos below, the clocks between the VirtualBox Virtual Machine and the Phone handset are not synchronised.
Note 2: The phone videos are split into multiple parts due to a 180-second limitation in the Android Developer Bridge screenrecord command.