I bought a fitness tracker, hoping it will help me boost my physical activity. However, a friend said the device might expose my personal health information to snooping by Internet hackers. Should I be worried?
A recent study by researchers at the University of Toronto pointed to several security and privacy risks associated with wearable fitness trackers. But whether these are serious enough for you to stop using your device is really your call. You could be concerned – or not.
For their study, the researchers examined eight wrist-worn trackers, and the related apps, including the Apple Watch, Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone UP2, Withings Pulse O2, Xiaomi Mi Band and Mio Fuse.
Only the Apple Watch was found to be free of privacy-related problems. All the others raised some red flags.
One of the key concerns is that fitness trackers use Bluetooth technology to send data to the users' other gadgets, such as smartphones. When a fitness tracker is not synced or paired to another device, it constantly sends out a signal searching for a mate.
"It is basically saying, 'I'm here, I'm here, connect with me,'" explains the study's lead author Andrew Hilts, who is executive director of the research group Open Effect and a research fellow at Citizen Lab at U of T's Munk School of Global Affairs.
Each fitness tracker's signal has a unique ID called a Bluetooth MAC (Media Access Control) address. That means, when you wear a fitness tracker that's not paired, it will be creating a digital trail with every step you take. In theory, your movements could be monitored if someone knows the specific ID of your device.
Apple Watches avoid this potential problem by routinely altering the MAC address, making them nearly impossible to track long term.
Yet even if you have another type of fitness tracker, Mr. Hilts acknowledges, "the risk of someone tracking the MAC address of your device and figuring out your identity from it is extremely low." However, it's possible your MAC address could be obtained through the courts or some other means.
Hilts notes that information from fitness trackers is being employed for an increasing range of purposes. It's being used as the basis for insurance discounts and entered as evidence in legal disputes. What's more, some malls are now monitoring Bluetooth signals to map the flow of shoppers for marketing purposes.
But why should you care about this level of surveillance if you're a law-abiding citizen? "I think people should consider the bigger picture of how every citizen's location could be tracked and saved in a database somewhere," Hilts says. "While we live in a relatively healthy democracy right now, do we want to establish a precedent where this sensitive data is being collected and could potentially be misused down the line?" he asks.
Of course, people can safeguard their digital footprints by simply syncing their fitness trackers with their cell phones at all times. That way their devices aren't constantly transmitting connection signals that can be monitored by others.
But even if you take this precaution, your privacy may still be put at risk, Hilts says. The fitness-tracking companies are the de facto stewards of your personal information, he argues. Some devices, and their related apps, can amass a huge amount of data about your physical activity, heart rate, lifestyle and even the quality of your sleep.
By "agreeing" to use their devices and apps, you are giving the makers of fitness trackers "a wide range of permissions on how they use the data that is collected and stored in their computer servers," Hilts says. (The Apple Watch is the exception to the rule: The data is encrypted on your device before it is sent to the company.)
Feeling nervous yet?
Well, those things don't worry Dr. Kevin Imrie, physician-in-chief of Sunnybrook Health Sciences Centre.
He is actually a big fan of fitness trackers because they can help some people reflect on their overall physical activity and that can be a motivating force for change.
Imrie uses an Apple Watch to chart his own activity. "It has been very helpful for me. It encourages me to do more," he says.
"Honestly, I wouldn't be worried in the slightest that someone might be able to determine the number of steps I take in a day," he says.
"My sense is that this risk to your privacy is small compared to other risks we take every day, such as online shopping."
The bottom line, he adds, comes down to a fitness tracker's ability to boost activity levels – and that varies from person to person. "Don't use it, if you are not deriving value from it," Imrie says. "But it can be one of the most useful tools for someone who is looking to make a lifestyle change."
Paul Taylor is a patient navigation adviser at Sunnybrook Health Sciences Centre. He is a former health editor of The Globe and Mail. You can find him on Twitter @epaultaylor and online at Sunnybrook's Your Health Matters.