What your Fitness Apps say about you: Should you be worried?
By Laura Chutny | March 10, 2019
If you run or cycle, meditate, track your diet or sleep, you probably use Strava, Garmin, MyFitnessPal, Fitbit or one of the dozens of other health and fitness applications. When you signed up for those services, did you read the privacy policy and determine what might happen to your personal data? If you did, are you concerned about the fate of your data? It is a concern that many of us have, but privacy policies are often long, obtuse and dreadfully boring to read. Knowing what those companies may or may not do with your very personal data, however, is important.
Health and fitness apps are among the top 10 categories in both the Google Play and Apple App stores. Many mobile devices come with at least one health and fitness app preinstalled (e.g. Apple’s Health).
Data and Privacy Concerns
Health and fitness apps take data from you and store it in your account in the cloud. This data includes things like your weight, height, birth date, blood pressure, pulse, location during exercise, menstrual cycle, diet, and many more. By installing one of the apps, you have consented to share your data with the company that created the app.
In some cases, your data becomes part of a wider set of data through aggregation, as in Strava’s Heat Maps. This feature has recently come under fire for allowing re-identification of location. In this instance, the heat map highlighted the location of military bases after soldiers logged their exercise through Strava, which potentially put soldiers at risk. Those soldiers most likely were not aware their data in Strava would allow this type of reverse engineering. Single people may also be put at risk if they can be tracked to their home, gym or workplace from their publicly available data.
In other cases, your data may be shared with analytics companies, advertisers and social networks. Even if your data is not shared, the security of your data within the application itself may be at risk, with no standards of practice or regulation on how applications use, store or transfer data. Recently, one company has begun to use your data to adjust your life insurance policy. It is not inconceivable then that unregulated sharing of your personal information with health insurance providers may affect your eligibility or premiums. Maybe you should rethink that third beer on Fridays!
Dimensions of Privacy
Daniel Solove created a Taxonomy of Privacy that we can use to evaluate the risks presented by health and fitness applications. Many of the risks surrounding surveillance, interrogation, and security have been discussed.
Unwanted disclosure and exposure could be damaging to an individual. For example, imagine a young woman whose menstrual cycle tracker in her health app alerts an advertiser that she has missed a cycle 3 times in a row and has gained 5 lbs. That advertiser may calculate she is pregnant and start offering her ads for maternal vitamins. This is eerily similar to the Target case of the early 2000s.
If the app is leaking your personal data or allowing inappropriate secondary uses, your information could be distorted, for example by a faulty prediction algorithm, which may have unintended consequences for you. Imagine if inaccurate measurement and tracking of your resting heart rate resulted in a faulty prediction of your cardiovascular health, which led a health insurer to deny you coverage for future heart attacks.
What happens next?
What does this all mean for you? As much as it is not fun to do, take the time to read the privacy policies of the apps you use. At least focus on the use and sharing of your data. If you do not understand it, contact the company. If they cannot explain it to your satisfaction, you might want to consider not doing business with that company any longer.
Cut down the number of apps you use, eliminate accounts for apps you no longer use and ensure the privacy settings for the apps you keep are appropriate for your level of comfort. For example, set your ‘home zone’ in Strava to protect your place of residence from showing up in your public feed, or more drastically, change your account to private.
Additionally, the app sector should be taking responsibility for the privacy aspects of personal health and fitness data. Companies need to give users options to opt in to sharing each activity or chunk of data and clarify what it means to not opt in. Paying customers might have the option to share less data. Reminders to users to check privacy settings are already beginning to happen. In Europe, with the advent of the GDPR, some of these actions are becoming part of doing digital business, but there is a long way to go to fully protect our personal privacy with health and fitness apps.