Fitness Apps — Helpful Tool or Data Breach Fuel?

Smart Watch and Mobile Application

New Year, New Threats

Nearly a month into 2019, many people have maintained their focus and motivation to revisit and reset their fitness plans. To achieve these goals, a great deal of us leverage applications and wearables, such as Fitbit and Apple Watches, to help keep track of workouts, meals, and progress.

Although we all want to stay driven to succeed, it’s important to understand that just like any other connected device, fitness apps and wearables are vulnerable to cybercrime.

When using these apps, you’re providing much of the same data as you would via social media platforms: login credentials, biometric data, geodata, and payment information, are just a few examples.

Many of us don’t think twice about sharing our personal data, but what would happen if your fitness app’s data were to get in the hands of cybercriminals?

A Look Back at the Past

Here are three major fitness apps that exposed personal information of their users in 2018:

  1. Under Armour’s popular food and nutrition logging app, MyFitnessPal, compromised the usernames, email addresses, and hashed passwords of 150 million users, making it one of the largest data breaches to date.
  2. The fitness community PumpUp disclosed email addresses, dates of birth, user’s location and users’ bio with full resolution profile photos.
  3. Polar Flow, a fitness application with a security flaw, exposed sensitive information as well as geolocation details of its users, including soldiers and secret agents.

How to Stay Fit and Protected

Despite how helpful these apps can be, there is also a huge risk that your information will be infiltrated. Be aware of the kind of Personally Identifiable Information (PII) each application asks for and skip any unnecessary fields such as address or month and day of birthdate (year should be enough). Review and restrict the permissions you allow applications to access, such as microphone and photos, and only permit apps or wearables to track your location when you are exercising.

In 2019, the question is no longer if, but rather when, a mobile app will be compromised. It’s all too common a practice to download apps without reading the Terms and Conditions, meaning users are unaware of the permissions being granted to the developers and the type of information being shared. It’s critical to take control and prioritize your mobile safety to avoid becoming the next victim of identity theft.

Three Tips to Keep Your Personal Information Healthy  

  1. Update fitness apps and wearables. As companies patch their security vulnerabilities, out of date apps become defenseless.
  2. Safeguard your passwords. Continuously update login credentials, with complex and difficult to crack passwords.
  3. Invest in a Virtual Private Network (VPN). Use your applications with a piece of mind that your devices are protected.

    Continue following Fighting Identity Crimes to get the latest breach and scam updates, ID protection news & tips from our industry experts!

    Follow us on social!
    Facebook | Twitter | LinkedIn 


The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.