Who’s tracking your fitness tracker? We asked an expert

whos tracking your fitness tracker fitbit charge hr
If you wear a fitness tracker, are you confident that the data it collects about you is private? You may not care if everyone knows how many steps you took yesterday, in fact, you might be proudly posting your total on social media, but as fitness wearables grow more sophisticated, they collect more and more information about our health and our movements. Can your data can be bought or stolen?

More than 274 million wearables will be sold worldwide this year, according to Gartner, and many of them are collecting data on our activity, our movements, and even our heart rates and sleeping patterns. Because fitness wearables tend to be simpler than smartphones, they also tend to have weaker security. So is all your personal fitness data really safe? We asked the experts.

Is your personal activity data being bought and sold?

A number of popular fitness tracking devices transmit your data in a way that’s open to interception or tampering, and the devices themselves can potentially be used to track your movements and profile you, according to a recent report entitled Every Step you Fake: A Comparative Analysis of Fitness Tracker Privacy and Security. The report was published by a Canadian not-for-profit group called Open Effect, with help from Citizen Lab at the Munk School of Global Affairs and the University of Toronto.

The non-profit tested the Apple Watch, Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Mio Fuse, Withings Pulse O2, and Xiaomi Mi Band. Every single one of them, except for the Apple Watch, emitted a unique code at regular intervals, transmitted over Bluetooth, which could be captured and associated with a location and a time. Tracking your movements in big stores via Bluetooth and Wi-Fi is fast-becoming a common practice.

“We are unclear how fitness data is being used by a variety of fitness tracking companies.”

“Imagine all this tracking is done by only a handful of companies, and retailers across the nation all use these companies for tracking services,” Andrew Hilts, Executive Director of Open Effect, told Digital Trends. “These companies could have incredibly detailed records of where you were at a given time and place. Now, law enforcement or hackers could potentially get access to this data and suddenly have a very valuable source of intelligence about individuals’ whereabouts.”

There are also risks that your data itself is accessible or, in some cases, may be actively sold to interested parties. Many of the privacy policies attached to these devices and services lack clarity about how data is being used or whom it might be shared with.

“We are unclear about how fitness data is being used by a variety of fitness tracking companies. Jawbone, for instance, in its policy, claims that your data might be transferred to third parties for the purposes of a ‘business deal,’” explains Hilts. “We do know that insurance companies are often partnering with fitness tracking companies, or utilizing their APIs, to develop programs to give people different insurance policies depending on their fitness data. We’ve also seen cases of fitness data being used in court.”

What are companies doing with your data?

It’s easy to see why insurance companies might want to get their hands on your fitness data when deciding on your life insurance premiums. That data could also potentially be used to deny claims or even disability benefits. Some may argue that this kind of enforced honesty would be a good thing — but what if unknown parties can access the data or even alter it?

The researchers were able to create proof-of-concept applications that tricked Jawbone and Withings servers into accepting false fitness band information. If this kind of data is going be admissible in court cases or be analyzed to determine insurance premiums, then its integrity needs to verified.

vivofit-2-gcm

There’s also a risk that criminals could steal your data and sell it to the highest bidder.

“Garmin Connect had the most worrying security issue, in that fitness data transmissions over the Internet did not employ transit-level encryption,” explained Hilts. “Anyone operating a mobile hotspot at a cafe or your IT department at work could potentially have scooped that up.”

Thankfully, Garmin has since updated its Connect app to use HTTPS for all transmissions, closing that particular loophole. But many of the issues exposed by the report remain.

It’s not a major surprise that Apple came out of the report unscathed; its commitment to user privacy is clear for all to see in the current battle with the FBI. But there’s a serious question about how seriously many other fitness-tracking companies are taking user security and privacy.

“We heard multiple cases where fitness tracking companies said, ‘Oh, this is the first we’re hearing about these concerns.’ I highly doubt that’s the case, but it’s important for tracking companies to realize that privacy and security are high priorities for consumers,” says Hilts. “If there’s a problem with the design of a model of a car, you wouldn’t expect drivers to fix the problem; there’d be a recall and companies would be expected to fix the issue. Fitness tracking companies can do this by issuing firmware and software updates in response to consumer demands.”

How is this legal?

The legal implications of these security flaws are unclear. In Europe, a new law has been proposed that would subject the data being collected by fitness trackers to the same regulations as medical records. Unsurprisingly, there’s a lot of resistance to that idea.

In the States, the FTC weighed in on data collection via the wider Internet of Things trend, with some pertinent warnings about fitness wearables and recommendations for manufacturers, but concluded that “IoT-specific legislation at this stage would be premature.”

Privacy advocates are adamant that it’s the thin end of the wedge, and action must be taken now.

“It’s important for tracking companies to realize that privacy and security are high priorities.”

“The industry should consider forming a cross-organizational security and privacy working group, where they can share best practices and stories to help cultivate a strong community of practice when it comes to privacy and security, and advance the entire industry forward,” suggests Hilts. “Governments should consider whether or not fitness tracking data constitutes health information, and therefore is subject to more stringent requirements when it comes to security measures. We’re of the opinion that it should be categorized as health information.”

This is still a relatively new area, and the full extent of the risks is unknown. Many users of fitness trackers will feel the current risk is small, and possibly outweighed by the benefits. But put this data together with the data that advertisers are collecting about our browsing habits, and then apply some of the techniques they’ve been using to group our personal devices and identify us as individuals, and you end up with frighteningly detailed profiles of our movements and habits.

It only takes a single hack or leak to de-anonymize those profiles. With such a lack of transparency about what’s happening to our data behind the scenes and how it’s being shared, complacency now could really come back to bite us in the future.

Mobile

The best CES 2019 health gadgets combat stress, pain, and more

We can all use some help with our health and CES 2019 was packed with intriguing devices designed to combat pain and stress, help you monitor blood pressure, reduce tinnitus, and care for the sick or elderly.
Deals

Start your fitness journey with the best Fitbit deals available now

If you're ready to kick-start your fitness regimen (or just take your current one to the next level), we've created a quick rundown of the best, most current Fitbit deals to help you decide which one is best for you.
Deals

Before buying a Fitbit or Apple Watch, check out these fitness trackers under $50

Fitbit and Apple Watch are top of the line when it comes to fitness trackers but if you want to save, we have alternatives. If 2019 is the year you keep track of your health and budget your expenses, then take a look at these fitness…
Product Review

Garmin’s 4G LTE VivoActive 3 keeps you safe when you’re out on the trails

Garmin takes its already great VivoActive 3 Music fitness smartwatch and adds a 4G LTE connection, courtesy of Verizon. The watch now has streaming music, independent GPS, and best of all, SMS support and various safety features. We’ve…
Mobile

You'll soon be able to pay for goods with the Motiv smart ring

Remember Motiv's activity tracking smart ring? It's back with a raft of new features that adds biometric identification and token authentication, all on a device that fits on your finger.
Wearables

One night with this sensor on your head could change your sleep forever

Get past the fact you’ll be in bed with a sensor on your forehead, and the Beddr SleepTuner may be the first step in curing your sleep problems and improving your overall health.
Wearables

Think this smartwatch doesn’t have a screen? Think again

This looks like a regular chronograph watch, but it holds a secret: It's really a smartwatch and even has a hidden screen, which is revealed only when you need it. We took a closer look at CES 2019.
News

Digital Trends Top Tech of CES 2019 Award Winners

5G. A.I. Voice assistants. Metaverse. Yes, metaverse. CES 2019 slathered on the buzzwords thick and heavy, but beneath the breathless hype and bluster, there were amazing products to back it up, too. Except metaverse. C’mon Nissan, you…
Product Review

Mobvoi beefs up the battery on its affordable Ticwatch E2 and S2 Wear OS watches

Mobvoi is known to offer excellent, low-priced Wear OS smartwatches. At CES 2019, the company unveiled new entries into its Express and Sport range -- the Ticwatch E2 and Ticwatch S2.
Deals

It’s time to check out the best Apple Watch deals for January 2019

The Apple Watch has surged to prominence in recent years. If you're in the market for an iOS wearable, we've sniffed out the best Apple Watch deals available right now for all three models of this great smartwatch.
Emerging Tech

Awesome Tech You Can’t Buy Yet: heat-powered watches, phone cases with reflexes

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Product Review

Apple brought ECG tracking to consumers. Withings is making it affordable

The Apple Watch Series 4 starts at $400, and the highlight function is the electrocardiogram, which has the potential to save lives. Withings’ new Move ECG has the same capability but at a fraction of the cost.
Deals

Walmart slashes prices on the Fitbit Versa smartwatch and Charge 3

We are officially halfway through January, and for a lot of us, that means the struggle to stick to our New Year's resolutions is in full force. Walmart is offering some great discounts on Fitbits to help you stay on track.