Best Practices For Fitness Tracker Security

Updated: Jul 31



We click "start," and without thought, we've begun instantly broadcasting our location with incredible accuracy. This data helps athletes stay in tune with pace, heart rate, power ratings, and even step count throughout a workout. Information is easily stored and accessible, so we can analyze the nuances and address any anomalies when working for peak performance. How exactly do our devices track and gather information, and how accessible is this information to people looking to cause harm to unsuspecting users?


How Do Fitness GPS Trackers Work?


Technology giant Garmin states that "global positioning system (GPS) is a satellite-based navigation system made up of at least 24 satellites." Initially developed for military use, GPS began transitioning into civilian life in the 1980s. Today, GPS tracking systems have been integrated into fitness watches and cell phones. When you start your outdoor workout, signals are sent between your device and a series of satellites to pinpoint your location through a process called triangulation.


According to Dan Lund of TomTom, "triangulation is a way to determine the difference between the time that your device receives a GPS signal and the time that GPS signal was sent to your device. The difference between sending and receiving a GPS signal determines how far away the satellite is." This process happens in real-time, allowing you to know where you are in real-time as well as the speed and direction you're heading.



How Is Information From Fitness Trackers Stored?


Most fitness trackers, both watches and cellphones, have applications integrated to compile data from workouts. Information such as route, time of day, pace, and potentially vitals such as heart rate and oxygen levels are saved to an account for future reference. Often this information is backed up to a cloud-based service as well. Storage of this information can be wildly beneficial when gearing up for a goal race, but this information can quickly become public if precautions aren't taken in advance.



How Can Someone Access My Information?


One of the most common ways people access data is taking advantage of athletes that have applications or profiles set to "public." For example, runners using a Strava account can set their profile to private or public. If a profile is set to public, current and past information, including route and location of training, can be easily found.


Another way people or companies access information is through voluntary submission. Companies have realized human tendencies to rush through the fine print when signing up for a new service. In Garmins' end-user agreement, they clearly state, "If you elect to use location-based services on the application, such as weather, the physical location of your device will be collected to provide you with such location-based services." Having up-to-date weather reports can be vital when training, but if you carry your smartphone when training, there's no sense in having multiple devices broadcasting the same information.


Hack. According to The Gadgets Judge, many users are unaware that by gaining access to a fitness tracker, culprits may gain access to a smartphone via a Bluetooth connection. This may not be a significant concern for most athletes playing the game of odds, but it's something to be aware of and perhaps calls for a review of security practices.



What Can Someone Do With My Information?


Companies use information collected to help determine how to develop new services and get the most out of current products. Some companies have been known to sell data to other organizations to create products and services geared towards your liking. For example, most fitness tracker companies collect names, email addresses, and locations. In addition, they may collect height, weight, age, demographics, and even sleep patterns.


Garmin states, "sometimes we need to collect your device's location to make it a lot easier to tell you about traffic, and even movie prices near you."


According to the New York Times, "the data collected by the vast majority of products people use every day isn't regulated. Since no federal privacy laws are regulating many companies, they're pretty much free to do what they want with the data, unless a state has its own data privacy law."


Hackers can gain access to daily vital signs, how many calories you consume in a day, your movement patterns throughout the day and during training sessions, your sleep patterns, and more. Once hacked, they may be able to gain access to your cellphone through your fitness tracker, aka, the goldmine.



What Are The Best Security Practices For Fitness Trackers And Apps?


Set and require strong passwords – When creating a password, choose a password of at least eight characters, include both upper- and lower-case letters, integrate special characters into all passwords, and change your passwords frequently. *Don’t create a password that relates to any aspect of your personal life.


Encrypt your phone – Many cellphones have the option to encrypt your phone and cloud data. Whether you use an iPhone or Android device, there are steps you can take to encrypt your phone.


Limit access and permissions – Set all user profiles to private. Scrutinize who you follow and who you allow to follow you. Apps like Strava use the “hide my map” feature to make it difficult to pinpoint where you begin and end your training session. In addition, consider changing your route frequently or the time of day you train to minimize the risk of someone locating you.


Minimize data initially provided to companies – Most companies specializing in fitness-related activities ask for related health history. While providing this information can perhaps enhance features and accuracy, it’s not necessary for performance. For years athletes have trained at high levels without the data. Review the information you provide and ask yourself if it’s indispensable in relation to your goals.



While some athletes may not be concerned with data related to their training efforts, it's important to be mindful that by gaining access to one device, the risk of exposure across other devices increases. Technology continues to evolve faster than most consumers can adjust to. Review your privacy settings often, and trust your gut when interpreting suspicious activity.