By Curtis Franklin, The Verge
It’s safe to say that few technologies have changed personal fitness more than wearable fitness trackers. These devices collect data to provide in-depth tracking of many different exercise parameters for coaching, analysis, record-keeping, and other purposes. But with all that data, how can you be sure your privacy won’t go flying out the window?
What data is being collected?
The first key to securing data from a tracking device is understanding precisely what is in that data. The capabilities of wrist-worn trackers vary widely, from simply counting steps and measuring basic activity to tracking advanced human performance data like VO2 max (maximal oxygen uptake) and time spent in specific heart rate zones.
More sensors generate more data, meaning there’s more sensitive information to protect
More performance parameters require more sensors, and more sensors generate more data, meaning there’s more sensitive information to be protected. While your heart rate with no identifying information probably wouldn’t mean a lot to someone who managed to see it, a wearable that keeps track of your running routes could provide information of great interest to stalkers or attackers. Other data, like the menstrual cycle tracking offered on some devices, could allow for a significant privacy breach.
The next key is knowing where the data that your tracker is collecting is stored. In older, very simple devices, like step counters or heart rate monitors, it simply stays on the wearable itself. If this is the case, security is simple: know where your tracker is.
However, it’s more likely that you’re using a fitness band or smartwatch, in which case you’re probably connecting to an outside app for activity tracking, sharing, analysis, and / or coaching. That means your data is now out of your hands, and the word “trust” becomes very important.
If trust isn’t enough for you, there are several steps you can take to protect yourself when using a fitness tracker.
Read the user agreement
When you sign up for any of these services, whether they’re provided by the device’s vendor or a third party, you’re presented with a user agreement. Before signing any of these documents, you should read it. You’ll find out all sorts of interesting things, like just how much data the company collects from your wearable (and possibly your phone), what it can do with that data, how long it can keep the info, and whether you can get it back. (It also couldn’t hurt to see if there’s an arbitration clause you may want to opt out of.)
If any of the clauses in the user agreement give you pause, then that’s exactly what you should do: pause
If any of the clauses in that agreement give you pause, that’s exactly what you should do: pause. Decide whether the information and advice you get back are worth trusting the security of your personal data to the service. You get to make the decision, but make it an informed decision.
Limit the data that is being collected
All too often, apps and devices collect far more data than is necessary. If possible, you should let them collect and store only the data required to give you the feedback you want. For example, if you want to count your steps and heartbeat but have no real interest in your sleeping habits, then turn the sleep tracker off.
Also, check regularly to make sure your apps haven’t expanded their data footprint. If, for example, you want pace, cadence, and speed information, it’s highly unlikely any of that will come from your phone’s microphone. If the connecting app asks for that access, just say “no.”
Set up two-factor authentication
Currently, one of the best ways to secure your accounts — including your fitness-tracking apps — is two-factor authentication or 2FA. A code is generated and sent to a trusted device (such as your phone), and you enter the code to verify your identity. There are several 2FA systems currently available. For example, if you’re using an Apple Watch, you can use 2FA through iCloud. Check to find out which systems work with your fitness tracker. The extra security is worth the trouble.