Just last week I wrote about medical information being more sought after by hackers than even credit card information.  Now there’s even more information supporting the need for consumers to be more vigilant in using wearable fitness applications.

Why? Because it turns out that some wearable fitness apps do not have the kind of privacy and security features needed to protect the wearer’s personal information.  Mathew J. Schwartz reported on a recent study by Candid Wueest, a Symantec security researcher (www.healthcareinfosecurity.com; “Do Wearable Devices Spill Secrets? Sizing up the Privacy Risks of Fitness-Tracking Apps”; October 17, 2014).

Mr. Wueest studied the top 100 most popular fitness-tracking applications on both the Apple Store and Google Play.  He found that the information transmitted by the applications often included the wearer’s name, email address, password, date of birth and target weight as well as their Facebook and Google access tokens.

What else did Mr. Wueest unearth? As Mr. Schwartz wrote, Mr. Wueest’s research and analysis found that:

  • 52% of the applications offered no privacy policy;
  • Each application shares personal data with, on average, 5 sites, including application-related analytics sites, advertising networks, social media sites and marketing networks;
  • 20% of the applications Mr. Wueest studied were transmitting login credentials in clear text; this means that the information could be intercepted, for example, by anyone connected to the same public WiFi hotspot as one of the devices, or by someone who planted a Bluetooth “sniffer” within range of one of the devices;
  • Some of the applications encrypted the credentials, but failed to encrypt the personal data being transmitted; and
  • Many of the application makers and device manufacturers failed to secure the personal information being stored on their sites.

Again, I’m not suggesting that consumers abandon fitness regimes and fitness-tracking devices.  What I am emphasizing is the critical need to try to learn as much as possible about the data security and privacy practices of the manufacturers of wearable devices.