Every Step You Fake: Final Report released

Today, we are pleased to announce the release of our full report detailing our year-long research project into the privacy and security of wearable fitness tracking devices.

Our dedicated report webpage includes links to an interactive tool that lets people compare and contrast fitness tracking services, a customization of our Access My Info tool to let consumers create legal requests for their personal data from fitness trackers, and several supplementary resources.

Key findings

  • All studied fitness trackers except the Apple Watch were vulnerable to Bluetooth MAC address surveillance
  • Garmin, Withings, and Bellabeat applications failed to use transit-level security for one or more data transmissions, leaving user data exposed.
  • The Jawbone UP application routinely sent out the user’s precise geolocation for reasons not made obvious to the user.
  • Fitness tracking companies gave themselves broad rights to utilize — and in some cases, sell — consumer’s fitness data
  • Data collected by fitness tracking companies did not necessarily match with what can be obtained through an access request.

Have a look at the website.