Digital privacy expert Daniel Markuson explains what kind of data is collected by fitness apps and why they’re a popular target for hackers. He also gives advice on how to make your personal training apps more secure and protect them from hacking and unethical activities.
A recent study by the virtual private network provider NordVPN revealed that 1 in 4 (24.6%) Aussies use some kind of fitness or well-being device, such as a smartwatch, fitness tracker, etc. However, these devices may be tracking a lot more than your fitness activities, and 25% do nothing to protect them, which may pose a serious risk to people’s privacy.
The data collected by fitness wearables and the mobile apps connected to them includes basic activity such as steps, heart rate, and the time you go to sleep or wake up, as well as your consumed calories, weight, or even running routes, all of which are of great interest to stalkers or attackers. For example, Clario research has revealed that Strava collects 41.18% of users’ personal data, and MyFitnessPal collects 35.29%.
“Health information is definitely among the most private and sensitive data in our lives. However, we allow our wearable fitness trackers to capture and store this information in mobile apps without properly knowing about its security vulnerabilities,” comments Daniel Markuson, a digital privacy expert at NordVPN.
Fitness apps — popular target for hackers
Like many gadgets, well-being devices and their apps have security holes that might allow hackers to gain access to your information. Even without taking control of your device, someone can “sniff” the Bluetooth signal sent back to your smartphone to guess your passcode. Once a hacker has your PIN, it’s simple to gain access to all your health information.
According to Have I Been Pwned?, in 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses, and passwords. The next year, this data appeared on the dark web and was listed for sale. The same year, another health and fitness service provider — 8fit — suffered a data breach of 15 million unique email addresses, which later on were also sold on the dark web.
“Many people connect their fitness devices to an outside app to track, share, and analyse their activities. However, that’s the moment when people are easily giving away their sensitive information. Many people share fitness achievements on social media or on the app’s online forum,” adds Daniel Markuson, a digital privacy expert at NordVPN.
How to make sure your fitness data is secure
Since most fitness trackers lack the necessary security systems, Daniel Markuson shares some advice to make your fitness experience less stressful and more secure:
- Read the user agreement. Before purchasing any fitness device, take some time to read its user agreement and privacy policy. Make sure that the company values your privacy and takes reasonable steps to protect it.
- Hide your identity online. If your fitness apps ever get hacked, you can limit the potentially exposed personal information by using a VPN. It creates an encrypted tunnel for your data and protects your online identity by hiding your IP address.
- Limit the data that is being collected. More often than not, apps and devices collect data that is not necessary for them to operate. If possible, allow them to collect and store only the data required to give you the service you signed up for.
- Regularly delete data stored in the app/device. Many fitness trackers allow you to review and delete the data they store about you. Make sure to check the privacy policy to verify that deleted data is actually deleted from the company’s servers too.