This browser does not support the Video element.
LAKE MARY, Fla. (WOFL FOX 35) - There are new concerns for users of popular fitness trackers. Experts say the information stored by these devices could come back to bite you.
They are some of the trendiest accessories being used today. Many people love keeping up with their physical activity by wearing fitness trackers. "It tracks my steps, it tracks my calories, it tracks my sleep pattern. I love it!" said fitness tracker user Lolite Nimmons.
But, have you ever thought about all the ways that information can be used? Attorney Whitney Boan says you should. "If you're using one of these devices, everything you're doing is being monitored. Think about it, how much you're walking around, where you're going, where you've been, how much you're sleeping, what hours you're sleeping, when you're getting up, when you're moving at whatever pace you're moving. It's a lot of information to have out there," Boan said.
It's information that seems harmless. Who would want to know how long someone sleeps? But imagine all of this information is like pieces of a puzzle. You put it all together , and it paints a bigger picture of what you're doing, where you're going, and who you are. "That information, once it exists, it's available for the bad guys too -- if they can find a way to get it," said Boan.
And it's not just hackers who are cause for concern. Fitness trackers can record, not only your physical location, but also your heart rate. S o someone could figure out how active you are at a specific time.
It also knows when you're sleeping and when you're awake. The reality is, that information can be accessed for a myriad of reasons by police, attorneys, and even insurance companies as an eyewitness, that doesn't lie. "So, if it contradicts what you've said, you may defeat your claim to damages, and that's happened to some individuals already. That information's out there; it can be subpoenaed, it can be gotten," Boan said.
There are examples across the country. Here in Florida, a St. Petersburg woman is charged with making a false report after she claimed she was sexually assaulted in Pennsylvania. She said she was asleep most of the night in question, but police believe the steps recorded on her fitness device prove she was awake and staging the crime scene.
A Canadian attorney is trying to prove a personal injury case by using his client's fitness data. He wants to show her activity level is low for a person her age.
But, even if you're not involved in a court case, your recorded fitness info could still be used against you. Some companies provide fitness trackers to their employees, with incentives to stay in shape. "I could potentially see employers using this information against their employees, in terms of saying whatever you claim you're doing, it's not what you're doing. You're not really sick, you're not where you say you were when you took time off. You're giving a lot of information out, when you have something on your human body tracking what you're doing all the time, and you need to be careful about that," said Boan.
Something else to consider: a Canadian research organization released a report called "Every Step You Fake." They tested nine different types of fitness trackers and found eight of them could be tracked by hacking into the Bluetooth.The study found gaps between what fitness tracking companies say they do in their privacy policies and what actually happens with your personal data.
The researchers said it's a common practice used by retail stores trying to profile their customers.
FOX 35 reached out to every company named in the "Every Step You Fake" study and here were their responses:
Garmin: "We do not share personal data with anyone without the user's express consent, and we do not sell any personal or activity data." Click here for Garmin privacy policy.
Fitbit: "If we believe that disclosure is reasonably necessary to comply with a law, regulation, valid legal process (e.g., subpoenas or warrants served on us), or governmental or regulatory request, to enforce or apply the Terms of Service or Terms of Sale, to protect the security or integrity of the Fitbit Service, and/or to protect the rights, property, or safety of Fitbit, its employees, users, or others. If we are going to release your data, we will do our best to provide you with notice in advance by email, unless we are prohibited by law from doing so." Click here for Fitbit privacy policy.
Apple: "The information you add about yourself is yours to use and share. You decide what information is placed in the Health app, as well as which third-party apps can access your data. When your phone is locked with a passcode or Touch ID, all of your health and fitness data in the Health app is encrypted. And any Health data backed up to iCloud is encrypted both in transit and on our servers. We also require apps that work with HealthKit to provide a privacy policy for you to review. Your data in the Health app and your activity data on Apple Watch are encrypted with keys protected by your passcode. And the Activity app can share your activity and workout data with the Health app on your iPhone." Click here for Apple privacy policy.
Xiaomi: "We will take all practicable steps to safeguard your personal information. However, you should be aware that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the Internet." Click here for Xiaomi privacy policy.
Samsung: "We will not disclose your information to third parties for their own independent marketing or business purposes without your consent. We have put in place reasonable physical and technical measures to safeguard the information we collect in connection with the Services. However, please note that although we take reasonable steps to protect your information, no website, Internet transmission, computer system or wireless connection is completely secure." Click here for Samsung privacy policy.
Bellabeat: "We take reasonable measures to protect personal data about you from unauthorized access or against loss, misuse or alteration by third parties. Despite these efforts to store personal data collected in and through the Service in a secure operating environment that is not available to the public, we cannot guarantee the security of personal data during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of personal data, we cannot guarantee that our security measures will prevent third-parties such as so-called hackers from illegally obtaining access to personal data. We do not warrant or represent that personal data about you will be protected against, loss, misuse, or alteration by third parties." Click here for Bellabeat privacy policy.
Jawbone: "We do not rent, sell or otherwise share your individual, personal information with third parties, except as follows:
"With your consent. We use affiliated and unaffiliated service providers all over the world that help us deliver our service and run our business subject to confidentiality agreements. We share aggregated usage statistics that cannot be used to identify you individually.
"We may share your personal information for the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
"We may disclose your personal information to (a) comply with relevant laws, regulatory requirements and to respond to lawful requests, court orders, and legal process; (b) to protect and defend the rights or property of us or third parties, including enforcing agreements, policies, and terms of use; (c) in an emergency, including to protect the safety of our employees or any person, or (d) in connection with investigating and preventing fraud.
"We apply organizational and technical measures to ensure access to your information is limited to persons with a need to know. Even though we have taken steps to protect your personal information, you should know that neither we nor any company can fully eliminate security risks." Click here for Jawbone privacy policy.
Mio: "Mio Technology is committed to protecting the information you provide us. While Mio Technology cannot guarantee that unauthorized access will never occur, rest assured that we will take great care in maintaining the security of your personal information and in preventing unauthorized access to it through the use of appropriate technology and internal procedures. If a password is used to help protect your accounts and personal information, it is your responsibility to keep your password confidential. Do not share this information with anyone. If you are sharing a computer with anyone you should always choose to log out before leaving a site or service to protect access to your information from subsequent users." Click here for Mio privacy policy.
Withings: "Your data are mainly stored on servers located in France Where are your personal data kept? equipped with the latest security equipment and advanced security techniques and procedures. Access is strictly restricted and various security controls, consisting of security staff, security doors and biometric readers, must be passed. Remote access to the servers is highly restricted and controlled." Click here for Withings privacy policy.