Abstract
Over the last decade, smartwatches have become prevalent, and the market is estimated to grow, reaching a value of $80.1 billion by 2028 [1]. The increase in the market share was primarily due to the attractive personal features related to fitness, which could fulfil the three basic psychological needs: autonomy, competence and relatedness [2]. As a result, user uptake increased rapidly. However, fitness data is also very personal. While many users share their fitness data, they do not want it to be used or shared without their consent. Data protection is required by law, but if users need to learn how their data is used and whether or not the operations follow the privacy policies, how do they know that their data is protected? Our research analyses the agreements between each party involved around the end users of smartwatches and looks at how the smartwatch vendors and application developers handle data. As our case studies, we analyse how privacy could be violated using four of the biggest market share holders, namely Apple, Fitbit, Samsung and Garmin.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Class Action -“a legal action that is organized by a group of people who all have the same legal problem” - Cambridge Dictionary.
References
Vantage Market Research: Global smartwatch market size & share to surpass USD 80.1 Bn by 2028 (2022). https://www.globenewswire.com/en/news-release/2022/10/18/2536067/0/en/Global-Smartwatch-Market-Size-Share-to-Surpass-USD-80-1-Bn-by-2028-Vantage-Market-Research.html
Deci, E.L., Ryan, R.M.: The “what’’ and “why’’ of goal pursuits: human needs and the self-determination of behavior. Psychol. Inq. 11(4), 227–268 (2000). https://doi.org/10.1207/S15327965PLI1104_01
Gregersen, E.: Smartwatch (2022). https://www.britannica.com/technology/smartwatch
Brief history of the smartwatch (2020). https://rotatewatches.com/2020/12/04/brief-history-of-the-smart-watch/
Richter, F.: What smartwatches are actually used for (2017). https://www.statista.com/chart/10783/use-cases-for-smartwatches/
McKeon, J.: 61M fitbit, apple users had data exposed in wearable device data breach (2021). https://healthitsecurity.com/news/61m-fitbit-apple-users-had-data-exposed-in-wearable-device-data-breach
Liu, X., Zhou, Z., Diao, W., Li, Z., Zhang, K.: When good becomes evil: keystroke inference with smartwatch. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 1273–1285. Association for Computing Machinery, New York, NY, USA (2015). ISBN 9781450338325. https://doi.org/10.1145/2810103.2813668
Munk, C.W.: The biggest security risks of using fitness trackers and apps to monitor your health (2022). https://www.cnbc.com/2022/11/26/the-biggest-risks-of-using-fitness-trackers-to-monitor-health.html
Cyr, B., Horn, W., Miao, D., Specter, M.A.: Security analysis of wearable fitness devices (fitbit) (2014)
McMullen, G., Fairfield, R.: 2019 quantified self report card (2019). https://humandatacommons.org/wp-content/uploads/2019/11/HDC-Quantified-Self-Report-Card-2019.pdf
Statista Consumer Insights: Smartwatch market share worldwide in 2020 and 2021, by vendor (2023). https://www.statista.com/statistics/1296818/smartwatch-market-share/
Statista Consumer Insights: Ehealth tracker / smart watch usage by brand in the uk (2022). https://www.statista.com/forecasts/997782/ehealth-tracker-smart-watch-usage-by-brand-in-the-uk
Privacy. https://www.apple.com/privacy/
European Commission: Mergers: commission clears acquisition of fitbit by google, subject to conditions (2020). https://ec.europa.eu/commission/presscorner/detail/en/ip_20_2484
Grusa, B.L.: Contracting beyond copyright: procd, inc. v. zeioenberg. Harvard J. Law Technol. 10(2), 353–367 (1997)
Feist publications, inc. v. rural telephone service company, inc. (1991). https://www.law.cornell.edu/supremecourt/text/499/340. Case No. 89-1909
Franklin Waddell, T., Auriemma, J.R., Shyam Sundar, S.: Make it simple, or force users to read? paraphrased design improves comprehension of end user license agreements. In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, CHI 2016, pp. 5252–5256. Association for Computing Machinery, New York, NY, USA (2016). ISBN 9781450333627. https://doi.org/10.1145/2858036.2858149
Masson, M.E.J., Waldron, M.A., Effectiveness of plain language redrafting: Comprehension of legal contracts by non-experts. Appl. Cogn. Psychol. 8, 67–85 (1994)
Newitz, A.: Dangerous terms: a user’s guide to eulas (2005). https://www.eff.org/wp/dangerous-terms-users-guide-eulas
Apple watchos software license agreement (2021). https://www.apple.com/legal/sla/docs/watchOS8.pdf
Terms of service (2022). https://www.fitbit.com/global/us/legal/terms-of-service
Gear end user license agreement for samsung software (eula) (2017). https://www.samsung.com/us/Legal/SamsungLegal-EULA-GEAR/
Important safety and product information important safety and product information (2023). https://static.garmin.com/pumac/ISPI_Fitness_PulseOx.pdf
Hern, A.: I read all the small print on the internet and it made me want to die (2015). https://www.theguardian.com/technology/2015/jun/15/i-read-all-the-small-print-on-the-internet
Device security guidance (2021). https://www.ncsc.gov.uk/collection/device-security-guidance/managing-deployed-devices/keeping-devices-and-software-up-to-date
About privacy and security for apple products centred on education (2023). https://support.apple.com/en-gb/HT208525
Bhuiyan, J.: Apple says it prioritizes privacy. experts say gaps remain (2022). https://www.theguardian.com/technology/2022/sep/23/apple-user-data-law-enforcement-falling-short
Germain, T.: Apple says your iphone’s usage data is anonymous, but new tests say that’s not true (2022). https://gizmodo.com/apple-iphone-privacy-dsid-analytics-personal-data-test-1849807619
Landi, H.: Fitbit, apple user data exposed in breach impacting 61M fitness tracker records (2021). https://www.fiercehealthcare.com/digital-health/fitbit-apple-user-data-exposed-breach-impacting-61m-fitness-tracker-records. Fierce Healthcare
Rao, L.: Sexual activity tracked by fitbit shows up in google search results (2011). https://techcrunch.com/2011/07/03/sexual-activity-tracked-by-fitbit-shows-up-in-google-search-results/. Tech Crunch
What’s new in google system updates (2023). https://support.google.com/product-documentation/answer/11412553?hl=en_zippy=%2Cjanuary%2Cdecember
Barsallo Yi, E., Zhang, Maji, H., A.K., Bagchi, S.: Vulcan: a state-aware fuzzing tool for wear OS ecosystem. In: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services, MobiSys 2020, pp. 480–481. Association for Computing Machinery, New York, NY, USA (2020). ISBN 9781450379540. https://doi.org/10.1145/3386901.3397492
Tileria, M., Blasco, J., Suarez-Tangil, G.: Wearflow: expanding information flow analysis to companion apps in wear OS. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020). USENIX (2020)
Six things to learn from the garmin security breach (2022). https://terranovasecurity.com/garmin-security-breach/. Fortra’s Terranova Security
Apple developer program license agreement (2022). https://developer.apple.com/support/downloads/terms/apple-developer-program/Apple-Developer-Program-License-Agreement-20220606-English.pdf
App store review guidelines (2022). https://developer.apple.com/app-store/review/guidelines/_legal
Robillard, J.M., et al.: Availability, readability, and content of privacy policies and terms of agreements of mental health apps. Internet Interv. 17, 100243 (2019). https://doi.org/10.1016/j.invent.2019.100243. ISSN 2214–7829 https://www.sciencedirect.com/science/article/pii/S2214782918300162
Fitbit platform terms of service (2022). https://dev.fitbit.com/legal/platform-terms-of-service/
Android developer program policy (2022). https://support.google.com/googleplay/android-developer/answer/12867690
Garmin connect SDK agreement (2019). https://developer.garmin.com/downloads/connect-iq/sdks/agreement.html
Provide information for google play’s data safety section. https://support.google.com/googleplay/android-developer/answer/10787469
Garmin connect IQ app review guidelines (2021). https://developer.garmin.com/connect-iq/app-review-guidelines/
Garmin (2019). https://developer.garmin.com/downloads/connect-iq/sdks/agreement.html
Planning your watchos app (2023). https://developer.apple.com/watchos/planning/
watchos apps (2023). https://developer.apple.com/documentation/watchos-apps/
Fitbit platform developer and user data policy (2022). https://dev.fitbit.com/legal/platform-developer-and-user-data-policy/
Publishing guide (2023). https://dev.fitbit.com/build/guides/publishing/
App distribution guide (2023). https://developer.samsung.com/galaxy-store/distribution-guide.html
Emine Saner (2018). https://www.theguardian.com/world/2018/may/14/is-your-boss-secretly-or-not-so-secretly-watching-you
Farr, C.: How fitbit became the next big thing in corporate wellness (2016). https://www.fastcompany.com/3058462/how-fitbit-became-the-next-big-thing-in-corporate-wellness
Das, A., Borisov, N., Caesar, M.C.: Tracking mobile web users through motion sensors: attacks and defenses. In: Network and Distributed System Security Symposium (2016)
Londoners give up eldest children in public Wi-Fi security horror show (2014). https://www.theguardian.com/technology/2014/sep/29/londoners-wi-fi-security-herod-clause
U.s. soldiers are revealing sensitive and dangerous information by jogging (2018). http://wapo.st/2BDFrA4
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Monteith, J., Shapcott, O., Talas, A., Dahiya, P. (2023). Who Is Benefiting from Your Fitness Data? A Privacy Analysis of Smartwatches. In: Stajano, F., Matyáš, V., Christianson, B., Anderson, J. (eds) Security Protocols XXVIII. Security Protocols 2023. Lecture Notes in Computer Science, vol 14186. Springer, Cham. https://doi.org/10.1007/978-3-031-43033-6_11
Download citation
DOI: https://doi.org/10.1007/978-3-031-43033-6_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-43032-9
Online ISBN: 978-3-031-43033-6
eBook Packages: Computer ScienceComputer Science (R0)