The Privacy Risks of Your Fitness Tracker

Tove Marks
Tove Marks
By: Tove Marks Reading time: 9 minutes Update: 09-16-2021
Smartphone with fitness equipment on top of it
Click here for a summary of this article
The Privacy Risks Of A Fitness Tracker

A fitness tracker can be a wonderful gadget to understand your body, improve your health, and stay fit. It can help you measure when and how you sleep, how many calories you burned, and a ton of other valuable information.

But that’s the thing – that information is measured, and stored. And that can pose privacy risks. Whether the data is subpoenaed, hackers get to it, or the company behind your gadget suffers a security breach, the result is the same. Your data is compromised.

Luckily, you can protect yourself against this grim outcome. Here’s what you need to do:

  • Only buy and use a fitness tracker from a company that takes privacy and security seriously. You can find this out by reading their privacy policy and terms of service.
  • Use a VPN. This can help make your fitness data less appealing to cyber criminals, because it can’t be paired with your interests for a higher profit.
  • Adjust the privacy settings on your fitness tracker by turning on multi-factor authentication, regularly deleting your data, and making your account as anonymous as possible.
ExpressVPN
Deal
Great discount on annual subscription + 30-day money-back guarantee!
Visit ExpressVPN

If you want to find out more about the privacy risks of fitness trackers, and how to avoid them, keep reading our article below.

There is an old saying that tells us, “what gets measured gets done.” This has proven especially true in the area of personal fitness. The arrival of personal fitness trackers has enabled us to track our fitness activities in ways we could not have dreamed of doing before.

This has helped boost the market for fitness trackers to over $20 billion per year. Unfortunately, these devices may be tracking a lot more than your fitness activities and may even pose a serious risk to your privacy.

What are the Privacy Risks of Fitness Trackers?

Health information is among the most private data imaginable. Some information we may hesitate to share even with our doctors and may never share with close family members. Yet we allow our wearable fitness trackers to capture this information.

More specifically, here’s what fitness trackers usually measure and store:

  • The time you wake up in the morning
  • The time you go to sleep at night
  • How far you walk each day
  • Your weight
  • Your blood pressure
  • How many calories you consume each day

Fitness trackers help us improve our health by making us more aware of these critical indicators. In the process, however, they gain access to some of the most private information in our life.

It’s important to be aware of what information they collect and store. Making informed choices about your privacy is your right and deserves serious consideration. This is especially true when it comes to private information about your health.

Can your fitness information be hacked?

jogger with smartwatchMost fitness trackers connect with your phone via Bluetooth. Unfortunately, studies have shown previously unrecognized security holes that might allow hackers to gain access to your information. Even without hacking your device, someone can “sniff” the Bluetooth signal sent back to your smartphone to guess your pin. Once a hacker has your pin, it’s simple to gain access to all your health information.

You might wonder who would want to go to the trouble of hacking your fitness tracker. We must remember that information is valuable. Companies such as Google and Facebook earn billions of dollars by compiling and selling user information. While you may not think there is a market for your data, if hackers are finding ways to crack your system, it’s a good bet there will be a market for the information somewhere, especially on the dark web.

Here’s a mind-boggling example of fitness trackers and their privacy risks. A few years ago, data from the fitness tracking app Strava was used to pinpoint the location and outline of secret US military bases. It was all based on data from military personnel using fitness trackers. If that’s possible, who knows what other privacy risks might come with using fitness trackers?

What if the fitness tracking company is hacked?

There is also concern that the information stored on the servers of the tracking company could be hacked. After all, if hacking one fitness tracker could yield valuable information, hacking the information of thousands of users is even more valuable. Hackers may sell the information or attempt to ransom it back to the fitness tracking company. Once the information is outside the company’s control, what happens next is anyone’s guess.

If the information is released publicly, your health insurance provider could legally use the information to adjust your health premiums. If you are more sedentary than what you report to your doctor, an insurance company could increase your premiums based on the released information. But the risks for a breach also include your home address falling into the wrong hands or your data being used for purchasing services.

You might think this is all just speculation, but it isn’t. Hacks happen all the time, also in the digital fitness world. For example, Under Armour’s fitness app was hacked a few years ago. If that can happen to a big company like Under Armour, you can bet it’s a risk for any type of fitness app.

What happens when your fitness company is sold?

fitbit logoMany makers of fitness trackers recognize that your privacy is important. Fitbit, for example, spells out clearly in their privacy policy how they will use your information. Reading the privacy policy for your fitness tracker can give you a sense of comfort knowing that the company values your privacy and takes steps to protect it.

If you dig a bit further, however, you may find some information of concern. Fitbit, for example, does explain that they collect your information and strip it of personal identifiers to sell to third parties. Your health information is so valuable to advertisers and researchers that they will gladly pay for access to anonymous information.

Furthermore, the maker of your fitness tracker might sell their entire business to another company, which raises all kinds of new questions. Will the new company have the same data policies? Will they attempt to exploit the data by selling information about your health to advertisers, insurance companies, or others? When a company is sold, one of the most valuable assets they possess is customer data. The sale of your data could become a key point in a future business deal.

Fitbit was sold to Google in 2021, for example. So far, their privacy policy hasn’t changed as a result. Google even addressed the sale and assured customers that nothing would change because of the sale. However, that might not always be the case: over time, privacy policies get altered. That’s why it’s important to do your research on the fitness tracker you’re using and stay up-to-date about any possible changes.

Any fitness tracker’s privacy policy will include a warning that your information may be released if the company is compelled to do so by law. In fact, this has already changed personal injury claims. Fitness trackers, and the data collected by them, have been used as evidence in court as far back as 2014.

It can a good thing if fitness tracker data can help justice prevail, but what if your data is misused or misinterpreted? Fitness trackers often confuse activities such as driving or folding laundry as walking. What if an insurance company subpoenaed your private information from your tracker as part of a worker’s compensation claim?

If the tracker showed you walking thousands of steps on a day when you were merely driving to doctor’s appointments, you’re likely to feel outraged and violated. Even if the device confirmed your story, having your private information released to antagonistic attorneys would likely feel like an invasion of privacy.

Unfortunately, there’s no way around this. If a legal entity requests your data, companies have to comply. On the flip side, there are steps you can take to keep the information they have at a minimum, and protect yourself from hackers and security breaches.

How to Maintain Your Privacy

Eye on LaptopWhile none of the reasons mentioned above may compel you to ditch your fitness tracker, they should cause you to stop and think. Especially considering this 2021 BMJ study, which revealed that 88% of health apps are designed to capture personal data.

As technology continues to advance at a rapid pace, privacy is often an afterthought. Users usually don’t consider the true value of their privacy until it has been violated. If you want to maintain your privacy and use fitness trackers as anonymously as possible, you can take some safety precautions. It all starts before you even purchase a fitness tracker.

Research terms of service and privacy policies

Before purchasing a fitness tracker, take some time to read the company’s privacy policy. Assure yourself that the company that makes your tracker values your privacy and takes reasonable steps to protect it.

Research any data breaches in the company and whether they have taken steps to prevent intrusion in the future. Think about when and where you might want to wear your fitness tracker. Crowded areas provide more opportunities to skim data and a richer environment for thieves and hackers.

These considerations doesn’t end after you bought your fitness tracker. Privacy policies and terms of service get updated a lot, especially in the case of a company being bought, or a merger. When these terms of service change, customers will be notified. If you use a fitness tracker, pay close attention to these updates.

A dose of skepticism is also healthy when researching fitness trackers. The previously mentioned BMJ study found that not even half of all fitness trackers stay true to their privacy policy. A third don’t even have a privacy policy.

Not in the mood to research? Here’s what you can do. Choose a fitness tracker that is compatible with Gadgetbridge. It’s an open-source Android app that keeps your fitness data tied to your own device. This means it’ll never fall in the hands of a third-party.

Hide your identity online

Even if your information is compromised, that doesn’t have to mean your identity is instantly revealed. For data to have optimal worth to others, it must be linked to you personally. By combining the information with a profile of your activities and interests online, your data becomes truly valuable.

You can protect your anonymity by using a VPN service on all your devices. A quality VPN makes sure your privacy is protected by rerouting your data through their server after encrypting it. This way, your privacy is protected. If you’re new to the world of VPNs and don’t know where to start, we recommend using ExpressVPN is a good pick overall. It has enhanced security features, and reliable connection speeds.

ExpressVPN
Deal:
Great discount on annual subscription + 30-day money-back guarantee!
From
$6.67
8.9
  • Very easy to use VPN
  • Perfect for anonymous browsing, downloading, and streaming (i.e. Netflix)
  • 3000+ servers in 94 countries
Visit ExpressVPN

You can even get a free trial for ExpressVPN if you follow this guide. For more information about how a VPN can protect your privacy and provide many other benefits, see our post about choosing the right VPN for your needs.

Change the privacy settings of your fitness tracker

Besides researching privacy policies and using a VPN, you can also augment your online safety by changing the settings of your devices. Each fitness tracker is different, so it’s impossible for us to give you a step-by-step guide on how to change each setting in particular, but here are some general guidelines:

  • Turn on multi-factor authentication. This will secure your devices and accounts so hackers will have a much harder time trying to access your health data.
  • Delete your data on a regular basis. Most famous fitness trackers allow you to view the data they store on you, and let you delete it. Do make sure to check the privacy policy to verify that deleted data is actually deleted from the company’s servers, as well.
  • Adjust privacy settings. Some trackers and fitness apps, like Fitbit, allow you to make your data private in its settings. Take a critical look at your settings and make sure you’re only sharing information you want the company to have.
  • Make your account anonymous and secure. Most fitness trackers require you to connect a Google or Apple account. Sign up under a pseudonym, and make sure you update your password frequently to avoid a disastrous breach. Alternatively, you can always use a password manager.

In Conclusion

A fitness tracker can improve your health and help you stay fit. In the process, however, it gathers extremely valuable information about your routine and body. When paired with data gathered from your online activities, this can be a gold mine for companies trying to target you with ads.

But you can protect yourself from invasive companies. Make sure you research the terms of service and privacy policies of companies that manufacture and sell fitness trackers. Only choose a product made by a company you can trust. Moreover, breaches can happen at any time, so we recommend you take extra precautions as well. Use a VPN to remain anonymous online, regardless of what happens with your fitness tracker data.

The Privacy Risks of Fitness Trackers: FAQ

Do you want to learn more about fitness trackers and their safety? Check our frequently asked questions section below for more information.

Do I need a fitness tracker?

Fitness trackers are not mandatory for a healthy life. Anybody can measure how much sleep and exercise they get and check their blood pressure every now and then. But a fitness tracker makes it easy to make notes of these things and improve your life.

If the health benefits outweigh the cost and privacy risks, for you, then a fitness tracker is a good purchase. If you want to find out more about how fitness trackers work, and what their privacy risks are, read our article on the topic.

What is a fitness tracker?

A fitness tracker is a wearable device that can measure important fitness metrics, like calories burned, miles walked, and even your heart rate and sleep schedule. While this makes it easy for people to pay closer attention to their health and well-being, the use of a fitness tracker can also pose some privacy risks. Read our article about fitness trackers to find out more.

How does a fitness tracker track sleep?

A fitness tracker can track your sleep in two ways:

  • Setting the wearable on “Sleep Mode” by hand whenever you’re going to bed. However, this might not always be accurate, especially for those of us that like to spend some time on the phone before actually turning in for the night.
  • Using an accelerometer. This is a special device that can identify all types of movements made by an individual. It’s also equipped with an algorithm that can differentiate between movement types and associate them with sleep stages, as well as determine whether or not you’re asleep.

How do I use a fitness tracker safely?

If you love the benefits that a fitness tracker can provide, but you’re scared of the privacy risks, here’s what you can do to stay safe:

  • Research the terms of service and privacy policies of fitness tracker companies. Use this knowledge to buy safer fitness devices.
  • Use a VPN. While this won’t protect your fitness data, it will make you anonymous online. This means that your fitness data can’t be paired with your other personal data, so it’s less valuable to hackers.
  • Enable multi-factor authentication on your accounts. This will prevent a data breach from snowballing out of your control.
  • Sign up to fitness apps with an anonymous account. Use a pseudonym for your email address, and you’ll enhance your online security.

If you want to find out more about the safety risks of fitness trackers, as well as how to protect yourself, read our full article.

What data does my fitness tracker store?

Not all fitness trackers work the same, so different devices will store different information. However, in general this is what you can expect fitness trackers to measure:

  • What time you wake up
  • What time you go to sleep
  • How far you walk each day
  • Your weight
  • Your blood pressure
  • How many calories you consume each day

If you want to find out more about the privacy risks of fitness trackers, and how to protect yourself, read this article.

Tech journalist
Tove has been working for VPNoverview since 2017 as a journalist covering cybersecurity and privacy developments. She has broad experience developing rigorous VPN testing procedures and protocols for our VPN review section and has tested dozens of VPNs over the years.
More articles from the "Devices" section
1
Comments
Leave a comment

  1. A good write up here. However I’ve just bought a Fitbit device which denies me access to its app (which is needed for all my fitness data analysis) when I have my VPN turned on.
    Could anyone suggest fitness trackers that actually value their customers privacy?
    Thanks.

    Reply
Leave a comment