A new report found that most of the popular fitness trackers do a bit more than just count the number of steps the user has taken. They let others in on your progress as well.
In the early draft of Every Step You Fake: A Comparative Analysis of Fitness Tracker Privacy and Security, the Canadian nonprofit Open Effect said that all the devices it studied transmitted a unique Bluetooth identifier that can be tracked by beacons that many retailers are using to recognize their customers. Only the Apple Watch had a technique to block the beacons, according to a report in PC World.
The bands can be tracked even if they’re not paired with a smartphone, according to the researchers. Companion apps for the wearables also leak login credentials, allowing users to submit fake tracking information.
“In the course of our technical investigations into transmission security, data integrity, and Bluetooth privacy, we discovered several issues that confirm concerns about the potential uses of fitness-tracking data beyond the typical case of a user monitoring their own personal wellness,” wrote the authors of the report. “The fitness data generated by several wearable devices can be falsified by motivated parties, calling into question the degree to which this data should be relied up for insurance or legal purposes.”