New year, new me – but same old data dilemma: fitness apps and their privacy implications

December 2021
 by Yana Milcheva

New year, new me – but same old data dilemma: fitness apps and their privacy implications

December 2021
 By Yana Milcheva

From avid runners to newbies just starting out on our fitness journey, many of us will be donning our workout gear and running shoes as soon as January arrives. Millions of us choose the new year to start a fitness drive, with fitness app downloads enjoying a corresponding seasonal spike in popularity. App stores include hundreds of fitness tracking apps that can be synced with our smartwatches or fitness trackers, making it easier than ever to stay on track with our fitness goals, connect with like-minded individuals and compare our performance to others’. However, the drive to keep fit while constantly interacting with others can come at a cost to our privacy.

Strava, Flyby and privacy controls

Some of the most popular fitness tracking apps, such as Strava and MapMyRun, have come under public scrutiny due to their privacy policies and default settings. In October 2020, a Twitter user posted a thread expressing their concern regarding Strava’s Flyby feature, which allowed users to see a map overlay of any nearby users’ activities. Using Flyby, your profile could be seen by any Strava user exercising in the same radius as you, regardless of whether they were in your friends list. At the time, the Flyby feature was switched on by default for new users joining the app, meaning their location data could be shared by those nearby unless they actively switched it off in their settings. The subsequent Twitter storm over the privacy threat that Flyby imposed resulted in Strava turning the feature off by default for all users. You can still switch Flyby on, but it is now an active choice rather than the default option.

Strava’s privacy controls relate to social and general fitness features. The best way to make sure your privacy is protected is to manually select the amount of personal information that you are willing to make public. With Strava’s Enhanced Privacy feature, you can choose to hide some of your personal fitness activity but still share limited public data on the app’s leaderboards, during group activities, and in Flybys if you choose to sign up to them.

Perhaps the most useful feature offered by Strava when it comes to protecting your privacy is the Privacy Zones. This feature enables you to hide certain parts of your usual routes, such as around your home or office. Setting your own Privacy Zones will enable you to conceal sensitive information while still enjoying Strava’s social features.

MapMyRun: developing connections vs protecting your privacy

Strava is not the only platform where care is needed in weighing up the benefits of sharing your fitness progress against the risks of revealing too much of your personal information. MapMyRun, an app developed by American sports goods company Under Armour, is one of the most-used fitness apps with a total of 143,000 reviews on Apple’s App Store. The app’s default sharing settings keep users’ physical stats private, and their activity stats visible only to their friends on the app. However, their ‘lookup information’ is public by default, meaning that their first and last name, location, gender, username, fitness activity and profile picture are all set as public.

According to Under Armour, this information is made public to facilitate greater engagement between users, because developing connections on the app is crucial for an optimal user experience. But while you can withdraw your consent and make your personal information private, this does not mean your privacy is entirely protected. Under Armour’s data processing servers are located in the United States, so all user data is collected, processed and stored in that country, regardless of where users are based. The United States’ privacy protection laws are not nearly as stringent as the ones imposed by the European Union and the United Kingdom, so even if you take measures to protect your personal information via the app’s settings, there is a chance that MapMyRun will be providing some of your data to third parties. Map My Run’s user privacy policy states that, when providing its location-based features, the app, its partners, and licensees may collect, use and share users’ precise location information, including real-time geographic location of users’ devices. Further, the policy notes that this information is shared automatically with some third-party partners, such as Google.

Steps you can take to protect your data

The multitude of ways that your personal information could be used by companies is not something you can overlook, especially at a time when people are becoming more aware of, and protective over, their online privacy. However, there are still measures you can take to ensure your data is not misused. Under Armour enables you to submit a ‘withdraw consent request’ for your accounts and personal information to be deleted from the app’s servers. Even after your request has been granted, you can still use some of the functions provided by the app: you can view routes, workouts and events, or search for food and use the calorie calculators. Similarly, you can deny Strava access to your health-related data. If you choose to do so, you would still be able to upload activities on the app, but you would risk losing certain data, such as activity type and biometric data. The level of privacy you choose to implement across your fitness tracking apps depends on how much you value the social interactions and communities established online.

From tracking your calorie intake to keeping a record of your runs, fitness apps can provide a host of benefits to your daily routines. Indeed, one of the most valuable features of such apps is the opportunity to join a community of like-minded individuals, whose support could help you reach your fitness goals. Striking a balance between keeping your information private and making meaningful online connections is a dilemma that will persist over the coming years, as we become ever-more connected to others online.

Join our newsletter and get access to all the latest information and news:

© Digitalis Ltd. All rights reserved. Privacy Policy.