How to Keep Your Activity Tracking Data Private

Americans are becoming obsessed with tracking their activities. A growing number of people track all types of activities from their runs to their toilet breaks.

According to a study by the Pew Research Center, 60 percent of Americans now regularly track their weight, diet or exercise activity. A report by ABI Research estimates that the number of shipments for activity tracking wearable devices such as the new Apple Watch will reach 485 million units by 2018.

All this self-tracking is generating a wealth of data that is valuable not just for individual users but for businesses such as insurance companies and advertisers.

Few question how this collected data is being handled or how secure it is but they should. Recent studies by Symantec and the Privacy Rights Coalition (PRC) show that many activity tracking services don’t secure this information, leaving sensitive data exposed to opportunists like hackers and stalkers.

What is Activity Tracking?

Activity tracking, also known as self tracking, involves the use of wearable devices or smartphone apps to monitor and collect data on a variety of activities such as exercising, sleeping, eating and even sexual activities.

Data is collected either with a smartphone app using the phone’s sensors or a wearable device which syncs data to an app on your smartphone or a desktop application. Increasingly the collected data  is sent to the tracking service’s cloud servers for storage and analysis.

The Problem with Activity Trackers

Wearables are Trackable
Many wearable tracking devices are Bluetooth or WiFi enabled for syncing data. The problem is these signals include unique identifiers which can be tracked by someone with the right equipment. And because many people wear these devices 24/7, they can be tracked not just while out hiking or jogging but while going on errands, dropping off kids at school, etc.

No Privacy Policies
The Online Privacy Protection Act of 2003 (OPPA) requires online businesses to post privacy policies on their websites. But according to the PRC 26% of the free apps and 40% of the paid apps they reviewed in their 2013 study had no privacy policy in their app or on their website. And many did not comply with their posted policies. These policies are important because they detail what information is collected and what’s done with it.

Weak Security
Many of the activity tracking apps do a poor job of securing your data while transmitting it over the internet, where it’s most vulnerable. Of the mobile health and fitness apps analyzed by PRC, only 13% of the free apps and 10% of the paid apps encrypted their communications with SSL (Secure Sockets Layer). And many of these apps sent personally identifiable information (PII) across the Internet (e.g., name, email address, address, geo-location, etc.) unencrypted.

Data Viewed by Third Parties
Self tracking data is frequently transmitted to and viewable by third parties such as ad networks, mobile service carriers, data brokers, analytic services, and marketing services. Advertisers are the most common, especially with free apps because they depend on advertising as their source of revenue. The problem is the more services that have access to your data, the greater the risk of a security breach.

Tips on Keeping Your Data Private

  • Disable Bluetooth when not in use. You can do this with your smartphone but this may not be an option with many wearables.
  • Consider buying a wearable you can plug in to sync instead of syncing over Bluetooth or WiFi.
  • Since many activity tracking services don’t encrypt their data, don’t sync your data to the cloud over a public WiFi hotspot. Use strong WiFi encryption on your smartphone.
  • Don’t use an activity tracking app if you can’t find a privacy statement in it or on the service’s website.
  • Use apps/devices that sync just with your smartphone or desktop, not cloud servers.

If you insist on using an activity tracker, remember the data you’re collecting is highly valuable to businesses and thieves. Do your best to protect it.

Leave a comment