Citizen Lab Research Fellow and Executive Director of OpenEffect Andrew Hilts was interviewed by Fox8 News Cleveland regarding privacy concerns with popular fitness trackers, including Apple, Fitbit, and Basis. These findings were detailed in the report entitled “Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security,” in which it was discovered that of the eight fitness wearables studied, all of them except for the Apple Watch emitted a persistent unique identifier over Bluetooth.
An estimated 33 million fitness trackers are owned in the United States. Andrew Hilts told Fox8 that fitness trackers do not necessarily stop tracking one’s location even if disconnnected from a mobile phone. Infact, Hilts said,”what we actually found was that if you turn off Bluetooth on your phone and your device is not connected, then suddenly it will start emitting these trackable identifiers.” Some apps provide the ability to track the locations of nearby fitness tracker users. Though this does not tie the identities of individuals to the trackers, Hilts explained that it allowed others to know how a specific cellphone or fitness tracker was moving around a given place.
Some companies do have stronger protections for user data than others. “FitBit had some sophisticated anti-data tampering measures in place,” he said, adding that Apple has strong security measures as well. “Hopefully our report can help these companies see that consumers are concerned about these issues, and that resources should be appropriately devoted to making sure people’s data is secure,” he concluded.