How many steps did you walk today?
Now more than ever, you probably have some kind of fitness app or wearable device to tell you the answer. A growing number of people are turning to wellness applications to monitor sleep schedules, log workout progress, trace running routes, or track monthly periods.
But while fitness applications can provide an array of helpful services to aide in monitoring your health, they also pose many security risks. According to data from the Future of Privacy Forum, only 60 percent of wellness-centered apps have privacy policies. General apps with privacy policies come in at 76 percent.
Lack of proper privacy procedures can make your information more vulnerable on the very apps where you provide your most sensitive details. Health programs can collect personal data such as height, weight, medical conditions and more. GPS services — which can help with running routes and other features in certain apps — also may expose information about where you spend your time, what you are doing there, and when.
Third parties gaining access to this kind of information — either through data selling or hacking — could pose various risks. On the most innocuous end of the spectrum, companies can use your information to provide targeted advertising. For example, knowing you practice yoga daily could lead to you receiving ads for a specific type of yoga mat or attire.
But there are also more dangerous hazards. Insurance companies could access data about your health that could affect coverage and premiums. Cyberstalkers could track your daily workout location and know exactly what time you’ll be there. Personal information can be used to steal an identity. It’s not hard to imagine other potential disaster scenarios in which users would prefer their most private medical information not be made available to third parties.
In the medical world, patient information is safeguarded by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). But many apps gather similar details without the same protection.
What To Do?
If you do want to move forward with using health and wellness apps, there are precautions you can take to maximize security as much as possible within a vulnerable framework. Experts recommend using an alias when naming a device or creating a profile on an app that tracks GPS, so location data isn’t easily tied back to you. As with most accounts, you should use a unique password so someone who hacks into a different login can’t also access the rest of your information. You should also be aware of and control what information you are set to share socially via the app — do you really need to share your running routes on social media? — and keep current on updates that often address discovered security bugs.
With the prevalence of hacking and data sharing in today’s internet landscape, many people take careful precautions in securing their email, social media accounts, and websites through third-party plug-ins and malware protection. Fitness apps may not appear to be targets, but their sensitive data and weak privacy policies make them vulnerable. It’s vital that users are aware of the possible security risks, so they can make informed decisions about protecting their personal information.