A German-made and apparently very popular medical app named Ada was found to share user data with trackers like Facebook, Adjust and Amplitude for example.
The study said: "19/24 (79 percent) of sampled apps shared user data. 55 unique entities, owned by 46 parent companies, received or processed app user data, including developers and parent companies (first parties) and service providers (third parties).
More than 33 percent provided infrastructure related services such as cloud services and 67 percent provided services related to the collection and analysis of user data, including analytics or advertising, suggesting heightened privacy risks.
Network analysis revealed that first and third parties received a median of three (interquartile range 1-6, range 1-24) unique transmissions of user data.
Third parties advertised the ability to share user data with 216 "fourth parties" and within this network (n=237), entities had access to a median of 3 (interquartile range 1-11, range 1-140) unique transmissions of user data. Several companies occupied central positions within the network with the ability to aggregate and re-identify user data.