A recent study by the virtual private network provider NordVPN found that 1 in 4 (24.6%) people use a fitness or wellness device such as a smartwatch, fitness tracker, etc. However, these devices can track a lot more than your fitness activities, and 25% do nothing to protect them, which can pose a serious risk to people’s privacy.
The data that fitness wearables and the associated mobile apps collect includes basic activities such as steps, heart rate, time to fall asleep or wake up, as well as calorie consumption, weight or even running distances. all of great interest to stalkers or attackers. For example, research by Clario has shown that Strava collects 41.18% of users’ personal data and MyFitnessPal 35.29%.
“Health information is definitely one of the most private and sensitive data in our lives. However, we allow our portable fitness trackers to capture and store this information in mobile apps without really knowing the security gaps, ”comments Daniel Markuson, digital privacy expert at NordVPN.
Fitness apps – popular target for hackers
Like many gadgets, wellness devices and their apps, they also have security flaws that could allow hackers to access your information. Even without taking control of your device, someone can “sniff” the Bluetooth signal sent back to your smartphone to guess your passcode. Whenever a hacker has your PIN, all of your health information is easy to access.
According to Have I Been Pwned? the diet and exercise service MyFitnessPal suffered a data breach in 2018. The incident revealed 144 million unique email addresses, as well as usernames, IP addresses and passwords. In the next year, this data appeared on the Darknet and was offered for sale. That same year, another health and fitness service company – 8fit – suffered a privacy breach of 15 million unique email addresses that were later also sold on the dark web.
“Many people connect their fitness equipment to an external app in order to track, share and analyze their activities. However, this is where people easily reveal their sensitive information. Lots of people share fitness successes on social media or in the app’s online forum, ”adds Daniel Markuson, NordVPN’s digital privacy expert.
This is how you make sure your fitness data is safe
Since most fitness trackers lack the necessary safety systems, Daniel Markuson gives some advice to make your fitness experience less stressful and safer:
- Read the user agreement. Before purchasing fitness equipment, take some time to read the User Agreement and Privacy Policy. Make sure the company values your privacy and is taking reasonable steps to protect it.
- Make your identity hidden online. If your fitness apps are ever hacked, you can use a VPN to restrict the personal information that could potentially be disclosed. It creates an encrypted tunnel for your data and protects your online identity by hiding your IP address.
- Limit the data collected. Most of the time, apps and devices collect data that is not required for their operation. If possible, allow them to collect and store only the data necessary to provide you with the service for which you have signed up.
- Regularly delete the data stored in the app / device. Many fitness trackers allow you to review and delete the data stored about you. Make sure to check the privacy policy to make sure it has been deleted data is actually deleted from the company’s servers as well.
