Ten Not So Fun Facts About Fitness Apps and Cyber Privacy

    


Fitness apps can add convenience and make it easier for runners and other athletes to track their training plans. But as with other apps, athletes need to be aware of privacy concerns. Photo by Tim Foster on Unsplash


Each week I set out to research and document ten "fun facts" on a topic loosely based on the two books I've reviewed that week.  "Loosely" being the operative word. 

This week I reviewed What I Talk About When I Talk About Running, Haruki Murakami's short book of well-crafted reflections on running and writing, and April Falcon Doss' Cyber Privacy, a book that will give you a lot to ponder about your online privacy.

As a runner and a triathlete myself, I am well aware of the benefits that can be found using fitness wearables and phone-based apps. Fitness apps can make it easier for runners to track their progress against their 5K / 10K / Marathon training plans, allow you to share your workouts and fitness goals with friends, and offer motivation for staying active or losing weight.

But like everything else we do online, there are privacy risks and tradeoffs to using fitness apps and wearables that we all need to keep in mind.

Here then, are Ten Maybe Not So Fun Facts About Fitness Apps and Privacy:



Fitness Apps and Privacy

  1. US Military Info Revealed by Strava - One of the most publicized incidents of fitness apps compromising privacy has to be the reports from early 2018 that US military personnel were inadvertently revealing their locations, and the locations of sometimes secret military bases, simply by exercising while using the fitness app Strava. In January of that year, Strava publicly shared a "heat map" of fitness activity that had been uploaded to their software from wearable fitness devices, including Garmin watches and Fitbits. Very quickly it was realized that the heat map included activities recorded by US soldiers around the world, identifiable down to the individual soldier, raising security concerns for the military.


  2. Strava Privacy Issues Still Unresolved - Earlier this week (April 21, 2021) TechCrunch published the results of testing done by cybersecurity firm Pen Test Partners. Their testing showed that, despite the publicity surrounding the US military story from 2018, fitness apps, including Strava, still do not use basic security measures. The firm said it found "no significant change" to Strava's privacy controls from their testing five years before.

  3. MyFitnessPal Data Breach - In March of 2018, weight loss and fitness app MyFitnessPal confirmed that it had been hacked and approximately 150 million accounts had been compromised. In this case, the hack did not include any fitness data, but it did include customers' email addresses. Passwords were also stolen, but in "hashed" format, meaning that the hackers likely couldn't decipher them.

  4. Know That Your Fitness or Health App's Data Privacy Isn't Covered by US Law - As far back as 2016, news reports were highlighting the fact that data gathered from health and fitness apps you use on your phone or smart watch is not covered by the U.S. HIPAA (health data privacy) rules. Those rules only apply to medical providers. So when you use a fitness app to track your heart rate, your weight, height, blood pressure, your sleep or period cycles, or other data, the app maker is under no legal obligation not to share your data. Period trackers in particular have a poor privacy record.


  5. What Privacy Policy? - In 2016 Reuters published findings on diabetes tracking apps, as one example category of the broader health and fitness app market. They found that, of the 211 such apps available for Android phones, only 41 even had a privacy policy, and of those, only 4 asked for permission to share the data their app collected. These apps are for the most part available without paying a fee, but app users still pay by having their data sold to marketers or other third parties, with no control over what happens to that data. 

  6. Amazon Halo Band - In 2020, Amazon debuted its Halo activity tracker. While Amazon bills the Halo as the "no fuss" tracking device, it's been widely panned for a number of reasons. Many reviewers raised concerns about the daily voice recordings and snapshots of "your scantily-clad body" that are required to take full advantage of the device, and which also raise privacy red flags.

  7. Apple Requires "Self Reporting" of Fitness App Privacy - In December of last year, Apple announced a new labelling policy for fitness apps available in its App Store. Unfortunately, the criteria behind the labelling are self-reported by each app maker. The penalty for not properly self-reporting is "banishment from the App Store", though it's unclear what, if any, auditing efforts Apple is undertaking to determine which apps are appropriately reporting.

  8. Fitbit Sold to Google - Privacy Issues? - The Fitbit fitness tracker has had a pretty strong privacy track record when used on its own. However, as was seen in Fun Fact #1, when Fitbit data is synced to other fitness apps, your data privacy is dependent on those apps. And now, in January of this year, Google completed its acquisition of Fitbit, leaving many Fitbit users convinced their app data would be used by Google for advertising, despite Google's claims otherwise. Even if Google's "no ads" promise holds, Fitbit user data like location, friends lists, messages and other data is not covered by that promise and can be gathered and used by Google.

  9. Is My Data Even Correct? - In February, a Canadian privacy watchdog group, in partnership with the University of Toronto, published their results after testing the data security of eight different fitness trackers. While they generally found the Apple Watch the safest, they noted that devices from Garmin and Withings stored their data in ways that would allow for alteration or even deletion by attackers. In addition, devices from Jawbone and Withings allowed fitness records to be falsified, which might pose problems for data being used in conjunction with employee fitness programs, or where data is otherwise made available to insurance companies.

  10. What to Do, What to Do? - If the nine points covered so far have made you worry that you'll never be able to exercise again without compromising your privacy, take a look at this video. Techlore offers some useful advice and options to help you guard your privacy while still being able to take advantage of the world of fitness tracking.


So there you have it. Are you a user of fitness wearables or fitness apps? Are you satisfied with your digital privacy while using them? Leave a comment below.