How Fitness Apps May Compromise Your Data

Hi, I’m Chris.

I’m here to help you through every step of your PRVCY journey.

Whether you’re already taking the PRVCY online courses or are a new subscriber, I’ll regularly post news and information based on our research to help you take back control of your PRVCY!

Fitness apps have undoubtedly transformed the way we approach health and wellness. From step counters to calorie trackers, these applications provide a plethora of features that cater to our individual needs. Unfortunately, the popularity and widespread use of these apps have also attracted the attention of malicious entities looking to exploit users’ personal information.

When you download a fitness app and grant it access to your phone’s features, you might be unknowingly sharing a treasure trove of personal data. These apps often request permission to access your location, camera, contacts, and even health data. While this data collection is ostensibly for enhancing user experience and providing personalized insights, it opens the door to potential misuse.

The motives behind data theft in fitness apps can vary, but they generally fall into two categories: advertising and sale of personal information. Some companies collect user data to create targeted advertisements, bombarding users with products and services tailored to their interests. Others may sell the accumulated data to third parties, contributing to a shadowy market where personal information is a valuable commodity.

While it’s crucial not to generalize all fitness apps as potential threats, some companies may engage in unscrupulous practices to exploit user data. This could include:

Hidden Permissions: Apps may request unnecessary permissions during installation, allowing them to access more data than required for their stated purpose.

Poor Encryption: Inadequate security measures can make it easier for cybercriminals to intercept and exploit the data being transmitted between the app and its servers.

Third-Party Integrations: Apps often integrate with third-party services, increasing the risk of data exposure if these external entities have lax security measures.

Ambiguous Privacy Policies: Some apps may have lengthy and complex privacy policies that users often overlook. Companies can take advantage of vague language to justify extensive data collection practices.

Some companies are particular red flags for privacy. Please don’t use apps from Google or Fitbit (which was actually bought by Google in 2021). In that same year, it was reported that health data for over 61 million fitness tracker users, including both Fitbit and Apple users, was exposed when a third-party company that allowed users to sync their health data from their fitness trackers did not secure the data properly. Personal information such as names, birthdates, weight, height, gender, and geographical location for Fitbit and other fitness-tracker users was left exposed because the company didn’t password-protect or encrypt its database.

The Peloton Case

Peloton became one of the go-to workout machines for those who could afford them during the pandemic. Peloton’s journey has been marked by a series of challenges. In early 2023, the company faced a significant setback when they agreed to pay a $19 million civil penalty due to a flaw in their treadmills that tragically resulted in the death of a 6-year-old in 2021.

Disturbingly, the United States Consumer Product Safety Commission revealed that Peloton had prior knowledge of incidents involving pull-under and entrapment in the rear of their treadmills, along with reports of injuries. Moreover, the CPSC alleged that Peloton continued distributing these hazardous treadmills even after issuing a recall. For users with these machines, Peloton has offered a safety guard, set to be available in early 2024.

Post-incident, Peloton implemented additional safety features, such as a four-digit passcode to prevent unauthorized access to their treadmills. However, this move came with a downside – a paywall. Unless users paid a subscription fee, their Peloton could only function as an expensive towel rack.

Although Peloton later reversed this decision, the broader issue of ownership and control over connected devices post-purchase remains a growing concern, particularly with a company that profits significantly from content sales to users of their workout equipment.

Privacy is another area where Peloton falls short. While they claim not to sell personal information for monetary gain, their U.S. States Privacy Notice reveals potential data sharing practices that might be considered sales under those laws. Peloton’s admission to sharing sensitive personal information, including age, gender, usage patterns, and geolocation, with third-party advertising partners raises concerns about user privacy.

In terms of security, Peloton has experienced notable lapses. In early 2021, a system bug exposed personal user data on their servers, including gender, age, and location. Despite the severity of the issue, it took Peloton over three months to address the vulnerability, only doing so after a journalist brought it to their attention. Recent reports in the summer of 2023 suggest that Peloton may still have unresolved security issues, potentially enabling unauthorized access to sensitive information.

From a privacy perspective, the concern is heightened by the inclusion of cameras and microphones in Peloton’s expensive bikes, which create a risk of unauthorized access and privacy breaches.

PRVCY tips for the safe use of apps

Although the potential risks are worrying, there are steps you can take to protect your data when using fitness apps:

  1. Read privacy policies: Take the time to read and understand the privacy policies of the apps you use. Look for clear information about how your data is handled.
  2. Check app permissions: Regularly review the permissions granted to your apps and revoke access to unnecessary features.
  3. Choose reputable apps: Choose established and reputable fitness apps with positive reviews. Research the company’s track record in the area of data security.
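
One way to carry out the permission review from tip 2 on Android, as an added example that is not part of the original article: it parses the output of `adb shell dumpsys package <package>` and lists granted sensitive permissions that go beyond what a tracker needs, then builds the matching `pm revoke` commands. The package name `com.example.fitapp`, the sample output and the expected-permission set are constructed assumptions.

```python
import re

# Assumption for this example: what a route/step tracker legitimately needs.
EXPECTED = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACTIVITY_RECOGNITION",
}
# Sensitive access named in the article: location, camera, contacts,
# health data, microphone.
SENSITIVE = EXPECTED | {
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.BODY_SENSORS",
}

# Constructed sample of `adb shell dumpsys package com.example.fitapp` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.fitapp] (1a2b3c4):
    requested permissions:
      android.permission.INTERNET
      android.permission.CAMERA
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
"""

GRANT_LINE = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)", re.M)

def granted_permissions(dumpsys_text):
    """Return the set of permissions the dump reports as granted."""
    return {perm for perm, state in GRANT_LINE.findall(dumpsys_text) if state == "true"}

def excess_permissions(dumpsys_text, expected=EXPECTED):
    """Granted sensitive permissions that the app's stated purpose does not need."""
    return sorted((granted_permissions(dumpsys_text) & SENSITIVE) - set(expected))

def revoke_commands(package, permissions):
    """Build the adb commands that revoke each runtime permission."""
    return [f"adb shell pm revoke {package} {perm}" for perm in permissions]

if __name__ == "__main__":
    for cmd in revoke_commands("com.example.fitapp", excess_permissions(SAMPLE_DUMPSYS)):
        print(cmd)
```

The same review can be done by hand in the phone's app settings; the script only makes the comparison against an expected set explicit.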

Apps we recommend

  • FitoTrack – A privacy-friendly fitness tracker for Android, available from the Android store or F-Droid.
  • OpenTracks – A sports tracking application that fully respects your privacy.
  • wger – A free, open-source, self-hosted web application that manages your exercises, workouts and nutrition.
  • workout.lol – A small web application that allows you to create workouts based on your available equipment and the muscles you want to train.

To summarize, fitness apps offer users incredible convenience and motivation on their journey to a healthy lifestyle. However, it is crucial to be aware of the potential risks associated with data security. By staying informed and implementing best practices for safe app use, you can enjoy the benefits of fitness apps without the risk of your personal information falling into the wrong hands.
