Several popular apps harvest highly sensitive information including body weight, period cycles and pregnancy.
However they have been revealed to be sending users' data to Facebook, The Wall Street Journal reports, in the latest example of technology companies sharing personal information.
- Fitbit to start tracking menstrual cycles
- Phoning it in: I tried letting apps run my life
- Australian teenager developing application to help stop text neck stress injuries
These apps include Flo Period and Ovulation Tracker, BetterMe: Weight Loss Workouts, Breethe and Instant Heart Rate: HR Monitor.
They used a Facebook analytics tool called App Events which allows developers to track user activity. This information can then be used to allow advertisers to target them.
Popular period-tracking app Flo "told Facebook when a user was having her period or informed the app of an intention to get pregnant," according to The WSJ.
This data "was sent with a unique advertising identifier that can be matched to a device or profile".
A Facebook spokesperson said its policies for developers are supposed to prevent developers from sharing the health data they acquire with the social network giant.
"At Facebook, we require app developers to be clear with their users about the information they are sharing with us, and we prohibit app developers from sending us sensitive data," they said.
"We also take steps to detect and remove data that should not be shared with us."
In a statement, Flo said it used Facebook's analytics tool "for internal analytics purposes only: to study user behaviour, provide users with the best possible experience and develop a product".
However it says it will stop sending this kind off app data to Facebook.
"We have released app updates for iOS and Android that don't send any custom app events to any external analytics system, including Facebook Analytics," a Flo spokesperson added.
Since the WSJ report was published, New York Governor Andrew Cuomo has ordered an investigation into any privacy breaches.
"According to the report, a wide range of apps are sending highly personal data to the social media giant apparently without users' consent and even when users are not logged in through Facebook," he said in a statement.
"This practice, which in some cases clearly violates Facebook's own business terms, is an outrageous abuse of privacy.
"New Yorkers deserve to know that their personal information is safe, and we must hold internet companies - no matter how big - responsible for upholding the law and protecting the information of smartphone users."