Health and fitness apps and wearables are more and more common these days. Everyone seems to be sharing their biking mileage, their running route or the number of steps they took in a day on social media.
Besides their social aspect, these apps can also greatly improve people’s lives: they help users keep track of their physical and physiological data and motivate others to be more active as well, which is why they can be very useful.
However, many of these apps pose serious privacy dangers, and if you are not careful, your data could end up in the wrong hands! Insurance brokers, for instance, could pay substantial sums to gain access to this precious information.
The numerous security risks and the need for best practices
According to a recent study conducted by researchers at the University of Toronto, there are several security and privacy risks associated with wearable fitness trackers.
For this study, the researchers examined eight wrist-worn trackers and their related apps: Apple Watch, Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone UP2, Withings Pulse O2, Xiaomi Mi Band and Mio Fuse.
Worryingly, the research concluded that “the fitness data generated by several wearable devices can be falsified by motivated parties, calling into question the degree to which this data should be relied upon for insurance or legal purposes. This confirms (…) that people could fraudulently input device data.”
That is why the University of Toronto researchers recommend that the provenance of fitness tracking data be carefully assessed whenever the information is used for anything other than personal fitness tracking, such as when it is introduced in court or used to increase or reduce a person’s insurance premiums.
Due to these increasing privacy concerns, more and more organizations from around the world are taking a stand and trying to force developers to take users’ privacy more seriously.
Kelsey Finch, Policy Counsel at the Future of Privacy Forum, highlights that “Some data collected from wearables may be relatively trivial, but other data can be highly sensitive”. That is why the US-based think tank has created a set of best practices for consumer wearables and wellness apps and devices. These include:
- A prohibition on sharing personal fitness/health data with “advertising platforms, data brokers, or information resellers, even with express consent”
- App developers must “make the covered data available to the user it refers to in a reasonably complete way as soon as reasonably practical and technically feasible, at little or no cost to the requester”
- The covered data “must not be maintained for longer than is needed for the reasonable operation of the app or service, or as long as the user maintains an account with the company”.
Our recommendations to you, the user
- Don’t share your jogging / biking routes on social media; these allow potential thieves to know your exact location.
- Keep the fitness and health data stored on your mobile device private with the help of a VPN such as CyberGhost – it encrypts your entire Internet connection and doesn’t allow third parties to sneak a peek into your personal life.