A new analysis has revealed the scale at which some fitness apps collect significant amounts of data on users – including those who are able to share the information with so-called ‘data harvesters’.
The data collected includes the individual’s exact locations and financial information for the photos they took. In fact, out of the 10 apps analyzed, seven collected photos from users and five of them collected users’ exact current location.
The vast majority of users are likely to know that the apps they have on their phone legitimately store certain personal information, such as their email addresses and names. However, the long Ts & Cs that come with each download mean that they may not be fully aware of the amount of information they provide.
What data are apps collecting?
Researchers at the data protection service Incogni analyzed 10 apps on the Google Play Store on March 27 – Strava, Fitbit, AllTrails, Calm, Flo, Runna, MyFitnessPal, Headspace, Calorie Counter, ShutEye.
They noted the wide range of user information collected and shared by the apps (such as exact location, Name, Email, Health Information, Fitness Information, Photos, App Interactions, Other User Generated Content, Other Actions, Crash Logs, Diagnostics , other App performance data, Device or other IDs).
The results showed that fitness apps Fitbit and Strava collected the most personal information and that all but three apps (Fitbit, Fl, Calorie Counter) shared data with third parties.
Runna’s running coach app collected 13 data points and shared all of them with third parties such as ‘data brokers’ – including users’ exact location, name and email addresses, photos, and health and fitness information. The AllTrails hiking app collected and shared eight data points about the people who use it.
Seven out of 10 apps analyzed users’ collected photos (FitBit, Strava, AllTrails, Flo, Calorie Counter, Runna, MyFitnessPal), and five collected their exact current location (Fitbit, Strava, AllTrails, Runna, MyFitnessPal). This means that app developers could ‘see’ where people regularly travel to their home or even just.
Fitbit was found to have collected the most data points about its users, collecting 21 different types of information. Strava collected 19 different types.
Should we be worried?
Users should be aware of data collection. Brokers can collect information from apps, social networking sites, and merge this with other publicly available information – this data can even be used in background checks by employers or checks by insurers.
Darius Belejevas, head of data protection service Incogni, said: “Apps that record and track fitness data can be a great motivational tool used by millions of Brits to get more out of their workouts, eat better, keep running or being active. But without realizing it, many of us are giving away personal data that not only shows how many calories we ate or the steps we walked, but also shows the exact location where and when we took the steps. that.
“Sensitive, personal health and wellness information is very valuable to data brokers because hundreds of stakeholders – both legal and illegal – are willing to pay for such information, including insurance companies and marketers. Of particular concern is that some apps collect ‘other information’ and ‘other user-generated content’ without specifying what these vague terms mean.”
Gaël Duval, co-founder and developer of privacy-focused operating system /e/OS, said: “A lot of these apps are marketed as ‘free’, but people don’t realize that their data is now a currency. Free and paid apps will ask for certain permissions during installation that allow them to collect and sell your data to data brokers. This is often disguised as part of the app’s functionality, but in reality the data is passed on or sold to data brokers, who sell it for advertising and other purposes.
“Data brokers collect/analyze user data from various sources to create a detailed profile of a person and sell it on for profit. The data collected about you in apps can range from things like age and location, to medical information and sexual interests. It is then used to create an accurate picture of your habits, allowing advertisers and major technologies to deliver increasingly relevant content and product recommendations – encouraging you to spend more time and money online, which harms your mental health and your finances.”
Yahoo News has reached out to the apps for comment.
Which apps collect what?
Fitbit
21 data points collected
0 shared with third parties
Strava: Run, Bike, Hike
19 data points were collected
3 shared with third parties (crash logs, diagnostics, device or other identifiers)
AllTrails: Hike, Bike & Run
18 data points were collected
8 shared with third parties (Exact Location, Proximity Location, Name, Email, User IDs, Purchase History, App Interactions, Device IDs or others)
Peace of mind – Sleep, think, relax
16 data points were collected
6 shared with third parties (Email, User IDs, User payment information, Purchase History, App interactions, Device IDs or others)
Flo Period & Pregnancy Tracker
15 data points collected
0 shared with third parties
Runna: Run Plans & Coach
13 data points collected
13 shared with third parties (Exact Location, Name, Email, Health Information, Fitness Information, Photos, App interactions, Other User Generated Content, Other Actions, Crash Logs, Diagnostics, Other App Performance Data, Device IDs or other)
MyFitnessPal: Calorie Counter
12 data points collected
3 shared with third parties (exact location, User IDs, Devices or other IDs)
Headspace: Meditation & Sleep
9 data points collected
7 shared with third parties (Name, Email, User IDs, App interactions, Crash Logs, Diagnostics, Device or other IDs)
Calorie Counter
13 data points collected
0 shared with third parties
ShutEye: Sleep & Relax
1 data point collected
2 shared with third parties (User ID, Device or other IDs)