Citizen Lab research partner Open Effect today announced the release of the full report detailing our year-long research collaboration into the privacy and security of wearable fitness tracking devices.
The dedicated report webpage includes links to an interactive tool that lets people compare and contrast fitness tracking services, a customization of the Access My Info tool to let consumers create legal requests for their personal data from fitness trackers, and several supplementary resources.
Key Findings
- All studied fitness trackers except the Apple Watch were vulnerable to Bluetooth MAC address surveillance
- Garmin, Withings, and Bellabeat applications failed to use transit-level security for one or more data transmissions, leaving user data exposed.
- The Jawbone UP application routinely sent out the user’s precise geolocation for reasons not made obvious to the user.
- Fitness tracking companies gave themselves broad rights to utilize — and in some cases, sell — consumer’s fitness data
- Data collected by fitness tracking companies did not necessarily match with what can be obtained through an access request.