April Fong | business.financialpost.com
You want to get healthy this year and you’ve armed yourself with a fitness tracking device to help you out. But is all that data — everything from your daily step count to your moods, blood pressure and heartbeat — safe?
That’s the question a recent study from the University of Toronto is raising, after finding that health and location data from a number of popular fitness trackers can be easily leaked and even manipulated to create fake records.
While some argue that consumers need not panic, the report raises important questions, as fitness-tracker information is increasingly used in everything from insurance to corporate wellness programs, and even as evidence in criminal court cases.
“We’ve seen instances where fitness tracking data has been used in courts of law to show that a person was doing something at a certain time,” said one of the study’s authors, Andrew Hilts, executive director of Open Effect and research fellow at the Munk School of Global Affairs at the University of Toronto. “The fact that we can retroactively insert records or delete them, can call into question the reliability of fitness tracking data as evidence.”
Hilts and his co-authors tested eight fitness trackers and their companion apps, including the Apple Watch, Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Withings Pulse O2, Xiaomi Mi Band and the Canadian-made Mio Fuse.
In one experiment, Hilts said he was able to send fake data to the Jawbone server that he walked 10 million steps in one day. By comparison, Fitbit and many other fitness trackers set a default goal on their devices of 10,000 steps per day.
“The data needs to be trustworthy,” Hilts said. “When your activity levels are tied to the data reported by these fitness trackers, suddenly the accuracy of the data is quite important if it affects reimbursements on your paycheque, or it affects (your) insurance premium.”