The trade-off between using fitness apps and data privacy concerns

The trade-off between using fitness apps and data privacy concerns

Fitness apps can get your data into wrong hands

by Kurt Knutsson

There’s an app for almost everything, so it’s natural that there are many for tracking your health. These apps can be tempting and even useful by helping you track your calories, steps, activity, and more. They look harmless on the surface, but that’s not exactly the case deep down. Researchers have found that these apps have shady data-sharing policies.

They collect sensitive data like your location, sexual orientation, and race and share it with third-party companies, which can include data brokers. This data can also fall into the hands of hedge funds, insurance companies, advertisers, and government agencies.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

 

Fitness apps and their data sharing

Researchers at Incogni investigated 9 fitness apps to see how they collect your data and what they do with it. They found that all these apps collect an average of 15.2 data points each, with Fitbit being the most data-hungry app with 21 data points collected. JustFit collects the least, 5 data points.

Fitbit, along with three other apps—MyFitnessPal, Strava, and Peloton—also collects approximate location data, meaning it knows where you train and possibly which locales you often visit. Many apps also collect your contact details, with 8 apps collecting email addresses and 7 of those apps also collecting names.

Some fitness apps collect data that seems unrelated to your workout routine. For example, Weight Watchers: Weight Health gathers information about your race and ethnicity, while YAZIO Food & Calorie Counter collects data on sexual orientation. The latter also collects street addresses, which is questionable. It’s difficult to see how street address is connected to fitness goals.

YAZIO’s data collection disclosure on the Google Play Store states that sexual orientation is a mandatory data point. This means you cannot use the app unless you provide your sexual orientation information.

 

ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA

 

What happens to all the data collected by fitness apps?

All nine apps examined collect a vaguely defined category of personal information simply labeled “other info.” This broad catch-all includes “[a]ny other personal information such as date of birth, gender identity, veteran status, etc.” The listed data points are troubling enough, but the question of what’s concealed behind that “etc.” is even more alarming.

Incogni researchers found that fitness apps don’t share as much of their data with other companies as apps like Instagram, Facebook, and X do. But some apps, like BetterMe, still share a ton of your info with others.

Out of the nine apps they checked, most of the data was used for things besides marketing. Only about 12% of the reasons for collecting data were about marketing. But when it came to sharing data, about 15% of the reasons were for marketing.

The researchers suggested that this data can sometimes also be sold to data brokers. There’s a range of interested parties willing to pay for your health information, including insurance companies, marketers, and all manner of spammers and scammers.

Once this data gets into the hands of these parties, it can lead to more robocalls, spam emails, and junk mail. In some cases, this can also lead to you receiving more and better-targeted scam attempts, having loans mysteriously rejected, and seeing insurance premiums go up for no apparent reason.

We reached out to all 9 fitness app companies for a comment on this article, but had not heard back before our deadline.

A man using a fitness app

 

ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS

 

4 ways to keep your personal data safe

Data is now more valuable than ever, so you also need to be more careful with how you share it online. Below are ways to keep your personal data safe.

 

1) Be careful with app permission: When you download a new fitness app, it will ask you for many permissions. However, not all of them are required for the app to function. Use your judgment to determine if the app actually needs permissions like location, contact information, and more.

 

2) Be cautious with personal information: Avoid sharing personal information with fitness apps, and be careful with what information you input. Details like your race and sexual orientation aren’t necessary for fitness tracking.

 

3) Remove your personal data from the internet: If you’ve been using a fitness app or any other online service, chances your data is already online. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special for CyberGuy Readers (60% off):  Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers.  I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.

Get Incogni here

Get the Incogni Family plan (up to 4 people)

 

4) Avoid clicking on unknown links: If your fitness data is shared with third parties, they might target you with phishing links. Avoid clicking on links, especially those sent via email or found on unfamiliar websites, as they might lead to counterfeit or malicious pages.

The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have strong antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Best Antivirus Protection 2024

 

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

 

Kurt’s key takeaways

When considering fitness apps, it’s crucial to weigh their convenience against potential privacy risks. While these apps offer useful tools for tracking health, the huge amount of sensitive data they collect and share cannot be overlooked. The possibility of this information ending up with third-party companies, including data brokers and marketers, raises serious concerns about user privacy and the potential for misuse.

Do you review the permissions requested by an app before downloading it? Let us know in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

This article was created in partnership with Incogni.

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.


   

1 comment

blah blah October 8, 2024 - 10:48 am

Easy – don’t use any of them.

Reply

Leave a Comment

GET MY FREE CYBERGUY REPORT
Subscribe to receive my latest Tech news, security alerts, tips and deals newsletter. (We won't spam or share your email with anyone else.)

By signing up, you agree to our Terms of Service and Privacy Policy. You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder