If you wear a popular fitness tracker to keep up with steps taken, miles walked, and calories burned, chances are you find it highly motivating. Some users have called it a personal trainer on their wrist.
But researchers at the University of Toronto say there is something consumers should know. Like any electronic device that connects via WiFi, the data collected by most of these fitness trackers might not always be private.
In a study, researchers say they found there are major security and privacy issues in trackers made by Basis, Fitbit, Garmin, Jawbone, Mio, Withings, and Xiaomi. The researchers reached their conclusion after analyzing data transmissions between the Internet and apps for the fitness trackers.
The seven trackers communicate with smartphone apps through Bluetooth. The researchers say that Bluetooth leaks personal data, and that anyone near a device could track a user’s location over time.
They also report certain devices by Garmin and Withings transmit information without encryption. Someone would have to know how to intercept the data, they say, but if they had the knowledge, it could be done.
Apple Watch the exception
The only device that did not leak data in the study was the Apple Watch.
Andrew Hilts, one of the report’s authors, says the security issue exists because each device has a unique identifier that is constantly sent out via Bluetooth. It's there even when you think it is turned off.
Hilts says the issue is easily resolved if device manufacturers implement an existing Bluetooth privacy standard. Until they do, he says, users will be vulnerable to location-based surveillance.
“We hope our findings will help consumers make more informed decisions about how they use fitness trackers, help companies improve the privacy and security of their offerings, and help regulators understand the current landscape of wearable products,” Hilts said in a release.