Recent research has unveiled alarming truths about the privacy practices of popular fitness applications. Approximately 12 out of 15 of the best fitness apps are sharing extensive personal data with third parties, effectively compromising user privacy. The most notable offenders in this regard are Strava and Fitbit, which are said to collect an astonishing 84% of all potential data points available.
The hidden price of at-home training
In evaluating the true cost associated with using (often free) at-home training apps, the Surfshark team investigated the data collection practices of the top 15 mobile fitness applications, encompassing exercise trackers, workout apps, and personal training platforms. Their analysis relied on data sourced from the Apple App Store as of December 30, 2024, examining a comprehensive list of 35 unique data points categorized into 16 distinct data categories.
Key Findings
- Total apps analyzed: 15
- Percentage of apps sharing data with third parties: 80%
- Apps without health data tracking: 2 (Centr and Peloton)
The findings highlight a concerning trend for those engaging with mobile fitness tools. Notably, Nike Training Club has been pinpointed as a leader in terms of the volume of tracking data it shares with third parties, involving details such as device IDs and some sensitive information.
Data collection and sharing practices
The study indicated that a large majority of the apps, 13 out of 15, actively collect health and fitness information tied directly to users. Strava and Fitbit emerged as the frontrunners in data collection, accumulating 21 unique types of data each. At the other end of the spectrum, the most privacy-conscious app, Centr, collects only three types of data: User ID, Product Interaction, and Crash Data, with merely one type involved in user tracking.
Common Data Points Collected
- Device Locations: Many apps collect precise or coarse location data.
- User Identifiers: This includes emails, user IDs, and device IDs.
- Interaction Details: Data on how users interact with the app and its features.
In Apple’s own terms, “Tracking refers to the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes.” This encapsulates the core issue surrounding fitness apps and their data handling practices.
The impact of free versus paid apps
Another critical finding from the research is the disparity between free and paid fitness applications. It was noted that free apps tend to share significantly greater amounts of data with third parties compared to their paid counterparts. The primary revenue model for these free applications often relies on selling user data to data brokers or inundating users with invasive ads. Consequently, upgrading to a paid subscription can be viewed as a viable means of safeguarding personal privacy.
Recommendations
- Consider Paid Subscriptions: It may enhance privacy protection.
- Evaluate Permission Requests: Ensure the app functions adequately without unnecessary permissions.
Tomas Stamulis, Chief Security Officer at Surfshark, emphasizes the importance of assessing privacy ramifications when selecting fitness applications, urging users to remain vigilant regarding the amount and type of data being shared.
Sensitive information collection
It’s important to note that some apps cross significant privacy lines by collecting sensitive information. The research revealed that three of the examined apps collect data relating to racial or ethnic backgrounds, sexual orientations, pregnancy or childbirth information, and other intimate details. Among these, Nike Training Club has been highlighted for its questionable data collection practices.
Types of Sensitive Information Collected
- Racial/Ethnic Background: Sensitive demographic data.
- Sexual Orientation: Personal information that could lead to privacy concerns.
- Health-related Data: Information touching on pregnancy, disabilities, and more.
Moreover, location data remains a focal point, with four popular running applications, including Runna and Strava, collecting precise location data associated with users. Others gather only coarse location information, with several of them sharing this data with third parties.
As highlighted in the Surfshark report, it is essential for users to comprehend the underlying cost of using fitness applications. Making informed decisions about which apps to trust and utilize can help shield against unwanted intrusions into personal privacy.