Fitness Apps: Good for Health but Bad for Privacy
Fitness and health apps are designed to help you record and quantify your sports activities, medication intake, and even contraception methods. On one hand, they significantly ease the monitoring of your own health and healthy habits, but on the other, they may put your privacy at risk. In the worst cases, they could even put you in physical danger, for example, by revealing runners' home addresses and their real-time location. Many such apps disclose sensitive information or share it with dozens of third-party organizations, including Facebook. And in their privacy policies, they do not provide users with complete information about how exactly they manage the collected data: location, medical, or even extremely personal information. Fitness trackers have become incredibly popular over the last five years. For instance, Strava stated it has 42 million users and that this number increases by one million every month. Impressive, right?
What Fitness Apps Know About You
Most fitness apps, such as Fitbit, Strava, MapMyRun, Nike+ Run, and Asics Runkeeper, pair with a wearable device that syncs with your smartphone. This device can collect a wealth of information, including the number of steps, your heart rate, where and when you travel, your weight, and when you are awake or asleep. Health trackers are usually apps that you install on your phone. They rely on you filling out forms about your health to collect data. Depending on the app's goal, this can range from standard questions about your health to questions about quite intimate topics.
These Data Can Be Stolen
Makers of fitness apps, like companies in every other industry, have suffered data breaches. The largest data breach to date occurred with the MyFitnessPal app by Under Armour in 2018. Usernames, passwords, and email addresses of more than 150 million users were exposed. Hackers typically target data that they can easily monetize (such as credit card numbers), but the thought that location data could be disclosed is particularly concerning. Because runners and cyclists usually exercise close to where they live, criminals could also identify a user's place of residence by studying where most of their routes start and end.
How to Protect Your Privacy
It may be surprising that it is entirely legal for apps to share users' medical information so broadly. For example, the American Health Insurance Portability and Accountability Act (HIPAA) does not apply to information people collect for their own use. This means that, in most cases, fitness apps are not subject to this regulation. New regulations in the US, specifically aimed at fitness apps, could encourage developers to handle sensitive data more responsibly, but so far, there has been no progress. Efforts by American senators to prevent the sale of private medical data to insurance companies, creditors, and employers have led nowhere. The European Union's General Data Protection Regulation (GDPR) offers some protection by requiring informed and unequivocal consent before data can be shared. However, this only applies to individuals residing in the European Union. Therefore, the best way to maintain privacy when using fitness or health monitoring apps is to take matters into your own hands.
What Can You Do?
Read the privacy policy
If it does not specify exactly what data is shared and with which organizations, then assume that all data you enter into the app could be shared with an unknown number of third parties. If you're uncomfortable with this, find another app.
Check privacy settings
Take the time to review the privacy settings. Preventing data sharing by the app is good, but the most private solution is to not allow data collection at all.
Limit the data you provide
Many of these apps collect more data than necessary for their primary function. Consider whether you need to share literally everything to use the app. For example, there's no reason an ovulation tracker needs to know if you're having unprotected sex to function.
When in doubt, ask
If you're unsure how a fitness app company plans to use your data, send them an email and ask. And if you do, let us know what they say!
Fitness apps are a great tool for staying motivated to exercise and for tracking your progress. But you shouldn't jeopardize your digital health for physical health. It's important to be aware that the apps you download could put your privacy at risk.