Skip to main content
SpringerLink
Log in

Who Is Benefiting from Your Fitness Data? A Privacy Analysis of Smartwatches

  • Conference paper
  • First Online:
Security Protocols XXVIII (Security Protocols 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14186))

Included in the following conference series:

  • 277 Accesses

Abstract

Over the last decade, smartwatches have become prevalent, and the market is estimated to grow, reaching a value of $80.1 billion by 2028 [1]. The increase in the market share was primarily due to the attractive personal features related to fitness, which could fulfil the three basic psychological needs: autonomy, competence and relatedness [2]. As a result, user uptake increased rapidly. However, fitness data is also very personal. While many users share their fitness data, they do not want it to be used or shared without their consent. Data protection is required by law, but if users need to learn how their data is used and whether or not the operations follow the privacy policies, how do they know that their data is protected? Our research analyses the agreements between each party involved around the end users of smartwatches and looks at how the smartwatch vendors and application developers handle data. As our case studies, we analyse how privacy could be violated using four of the biggest market share holders, namely Apple, Fitbit, Samsung and Garmin.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Class Action -“a legal action that is organized by a group of people who all have the same legal problem” - Cambridge Dictionary.

References

  1. Vantage Market Research: Global smartwatch market size & share to surpass USD 80.1 Bn by 2028 (2022). https://www.globenewswire.com/en/news-release/2022/10/18/2536067/0/en/Global-Smartwatch-Market-Size-Share-to-Surpass-USD-80-1-Bn-by-2028-Vantage-Market-Research.html

  2. Deci, E.L., Ryan, R.M.: The “what’’ and “why’’ of goal pursuits: human needs and the self-determination of behavior. Psychol. Inq. 11(4), 227–268 (2000). https://doi.org/10.1207/S15327965PLI1104_01

    Article  Google Scholar 

  3. Gregersen, E.: Smartwatch (2022). https://www.britannica.com/technology/smartwatch

  4. Brief history of the smartwatch (2020). https://rotatewatches.com/2020/12/04/brief-history-of-the-smart-watch/

  5. Richter, F.: What smartwatches are actually used for (2017). https://www.statista.com/chart/10783/use-cases-for-smartwatches/

  6. McKeon, J.: 61M fitbit, apple users had data exposed in wearable device data breach (2021). https://healthitsecurity.com/news/61m-fitbit-apple-users-had-data-exposed-in-wearable-device-data-breach

  7. Liu, X., Zhou, Z., Diao, W., Li, Z., Zhang, K.: When good becomes evil: keystroke inference with smartwatch. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 1273–1285. Association for Computing Machinery, New York, NY, USA (2015). ISBN 9781450338325. https://doi.org/10.1145/2810103.2813668

  8. Munk, C.W.: The biggest security risks of using fitness trackers and apps to monitor your health (2022). https://www.cnbc.com/2022/11/26/the-biggest-risks-of-using-fitness-trackers-to-monitor-health.html

  9. Cyr, B., Horn, W., Miao, D., Specter, M.A.: Security analysis of wearable fitness devices (fitbit) (2014)

    Google Scholar 

  10. McMullen, G., Fairfield, R.: 2019 quantified self report card (2019). https://humandatacommons.org/wp-content/uploads/2019/11/HDC-Quantified-Self-Report-Card-2019.pdf

  11. Statista Consumer Insights: Smartwatch market share worldwide in 2020 and 2021, by vendor (2023). https://www.statista.com/statistics/1296818/smartwatch-market-share/

  12. Statista Consumer Insights: Ehealth tracker / smart watch usage by brand in the uk (2022). https://www.statista.com/forecasts/997782/ehealth-tracker-smart-watch-usage-by-brand-in-the-uk

  13. Privacy. https://www.apple.com/privacy/

  14. European Commission: Mergers: commission clears acquisition of fitbit by google, subject to conditions (2020). https://ec.europa.eu/commission/presscorner/detail/en/ip_20_2484

  15. Grusa, B.L.: Contracting beyond copyright: procd, inc. v. zeioenberg. Harvard J. Law Technol. 10(2), 353–367 (1997)

    Google Scholar 

  16. Feist publications, inc. v. rural telephone service company, inc. (1991). https://www.law.cornell.edu/supremecourt/text/499/340. Case No. 89-1909

  17. Franklin Waddell, T., Auriemma, J.R., Shyam Sundar, S.: Make it simple, or force users to read? paraphrased design improves comprehension of end user license agreements. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, CHI 2016, pp. 5252–5256. Association for Computing Machinery, New York, NY, USA (2016). ISBN 9781450333627. https://doi.org/10.1145/2858036.2858149

  18. Masson, M.E.J., Waldron, M.A., Effectiveness of plain language redrafting: Comprehension of legal contracts by non-experts. Appl. Cogn. Psychol. 8, 67–85 (1994)

    Article  Google Scholar 

  19. Newitz, A.: Dangerous terms: a user’s guide to eulas (2005). https://www.eff.org/wp/dangerous-terms-users-guide-eulas

  20. Apple watchos software license agreement (2021). https://www.apple.com/legal/sla/docs/watchOS8.pdf

  21. Terms of service (2022). https://www.fitbit.com/global/us/legal/terms-of-service

  22. Gear end user license agreement for samsung software (eula) (2017). https://www.samsung.com/us/Legal/SamsungLegal-EULA-GEAR/

  23. Important safety and product information important safety and product information (2023). https://static.garmin.com/pumac/ISPI_Fitness_PulseOx.pdf

  24. Hern, A.: I read all the small print on the internet and it made me want to die (2015). https://www.theguardian.com/technology/2015/jun/15/i-read-all-the-small-print-on-the-internet

  25. Device security guidance (2021). https://www.ncsc.gov.uk/collection/device-security-guidance/managing-deployed-devices/keeping-devices-and-software-up-to-date

  26. About privacy and security for apple products centred on education (2023). https://support.apple.com/en-gb/HT208525

  27. Bhuiyan, J.: Apple says it prioritizes privacy. experts say gaps remain (2022). https://www.theguardian.com/technology/2022/sep/23/apple-user-data-law-enforcement-falling-short

  28. Germain, T.: Apple says your iphone’s usage data is anonymous, but new tests say that’s not true (2022). https://gizmodo.com/apple-iphone-privacy-dsid-analytics-personal-data-test-1849807619

  29. Landi, H.: Fitbit, apple user data exposed in breach impacting 61M fitness tracker records (2021). https://www.fiercehealthcare.com/digital-health/fitbit-apple-user-data-exposed-breach-impacting-61m-fitness-tracker-records. Fierce Healthcare

  30. Rao, L.: Sexual activity tracked by fitbit shows up in google search results (2011). https://techcrunch.com/2011/07/03/sexual-activity-tracked-by-fitbit-shows-up-in-google-search-results/. Tech Crunch

  31. What’s new in google system updates (2023). https://support.google.com/product-documentation/answer/11412553?hl=en_zippy=%2Cjanuary%2Cdecember

  32. Barsallo Yi, E., Zhang, Maji, H., A.K., Bagchi, S.: Vulcan: a state-aware fuzzing tool for wear OS ecosystem. In: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services, MobiSys 2020, pp. 480–481. Association for Computing Machinery, New York, NY, USA (2020). ISBN 9781450379540. https://doi.org/10.1145/3386901.3397492

  33. Tileria, M., Blasco, J., Suarez-Tangil, G.: Wearflow: expanding information flow analysis to companion apps in wear OS. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX (2020)

    Google Scholar 

  34. Six things to learn from the garmin security breach (2022). https://terranovasecurity.com/garmin-security-breach/. Fortra’s Terranova Security

  35. Apple developer program license agreement (2022). https://developer.apple.com/support/downloads/terms/apple-developer-program/Apple-Developer-Program-License-Agreement-20220606-English.pdf

  36. App store review guidelines (2022). https://developer.apple.com/app-store/review/guidelines/_legal

  37. Robillard, J.M., et al.: Availability, readability, and content of privacy policies and terms of agreements of mental health apps. Internet Interv. 17, 100243 (2019). https://doi.org/10.1016/j.invent.2019.100243. ISSN 2214–7829 https://www.sciencedirect.com/science/article/pii/S2214782918300162

  38. Fitbit platform terms of service (2022). https://dev.fitbit.com/legal/platform-terms-of-service/

  39. Android developer program policy (2022). https://support.google.com/googleplay/android-developer/answer/12867690

  40. Garmin connect SDK agreement (2019). https://developer.garmin.com/downloads/connect-iq/sdks/agreement.html

  41. Provide information for google play’s data safety section. https://support.google.com/googleplay/android-developer/answer/10787469

  42. Garmin connect IQ app review guidelines (2021). https://developer.garmin.com/connect-iq/app-review-guidelines/

  43. Garmin (2019). https://developer.garmin.com/downloads/connect-iq/sdks/agreement.html

  44. Planning your watchos app (2023). https://developer.apple.com/watchos/planning/

  45. watchos apps (2023). https://developer.apple.com/documentation/watchos-apps/

  46. Fitbit platform developer and user data policy (2022). https://dev.fitbit.com/legal/platform-developer-and-user-data-policy/

  47. Publishing guide (2023). https://dev.fitbit.com/build/guides/publishing/

  48. App distribution guide (2023). https://developer.samsung.com/galaxy-store/distribution-guide.html

  49. Emine Saner (2018). https://www.theguardian.com/world/2018/may/14/is-your-boss-secretly-or-not-so-secretly-watching-you

  50. Farr, C.: How fitbit became the next big thing in corporate wellness (2016). https://www.fastcompany.com/3058462/how-fitbit-became-the-next-big-thing-in-corporate-wellness

  51. Das, A., Borisov, N., Caesar, M.C.: Tracking mobile web users through motion sensors: attacks and defenses. In: Network and Distributed System Security Symposium (2016)

    Google Scholar 

  52. Londoners give up eldest children in public Wi-Fi security horror show (2014). https://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause

  53. U.s. soldiers are revealing sensitive and dangerous information by jogging (2018). http://wapo.st/2BDFrA4

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Technology, University of Cambridge, Cambridge, UK

    Jessica Monteith, Oliver Shapcott, Anna Talas & Pranav Dahiya

Authors
  1. Jessica Monteith
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Oliver Shapcott
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Anna Talas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pranav Dahiya
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jessica Monteith .

Editor information

Editors and Affiliations

  1. University of Cambridge, Cambridge, UK

    Frank Stajano

  2. Masaryk University, Brno, Czech Republic

    Vashek Matyáš

  3. University of Hertfordshire, Hatfield, UK

    Bruce Christianson

  4. Memorial University of Newfoundland, St. John’s, NL, Canada

    Jonathan Anderson

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Monteith, J., Shapcott, O., Talas, A., Dahiya, P. (2023). Who Is Benefiting from Your Fitness Data? A Privacy Analysis of Smartwatches. In: Stajano, F., Matyáš, V., Christianson, B., Anderson, J. (eds) Security Protocols XXVIII. Security Protocols 2023. Lecture Notes in Computer Science, vol 14186. Springer, Cham. https://doi.org/10.1007/978-3-031-43033-6_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-43033-6_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-43032-9

  • Online ISBN: 978-3-031-43033-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation