- Online privacy app Surfshark analyzed 16 different fitness apps
- He reported on the amount of personal data these apps collect, with Fitbit and Strava collecting the most.
- Here’s what it means for users of these apps and some simple ways to better protect your privacy.
It’s fitness season, and now that the holidays are over, many people will be downloading a new fitness app to fulfill their resolution to get fit, build muscle, or lose weight in 2026.
But fitness apps consume as much data as any other app, recording and sometimes sharing personal data, including sensitive information you’d prefer to keep private.
A study from online security firm Surfshark analyzed 16 top fitness apps, including Fitbit, Strava, Apple Health, PUSH, Centr and more, using TechRadar’s own list of the best fitness apps along with other sources, and ranked them in terms of the amount of data they collected.
Rankings are based on the different types of data collected, such as location, contact information, health or search history. Surfshark also analyzed whether the app used data for tracking.
Apple defines tracking as “the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes.
“Tracking also refers to sharing user or device data with data brokers.”
Surfshark’s report also recorded which apps were collecting data that they don’t actually need for their functionality. You expect a fitness app to collect health and fitness data, for example, but you might not expect it to collect information about your search history or advertising data.
Four apps collect “sensitive data,” a category of data related to race or ethnicity, sexual orientation, fertility data, genetic information, biometric data, or even information about your employment status or union membership.
All information was obtained from the Apple App Store. You can see a screenshot below of Fitbit’s listing on the App Store, illustrating some of the different types of data collected.
The results
Fitbit tops the list and collects 24 different types of data, including advertising and sensitive data. Of these, only five types of data are necessary for the functionality of the application, and the remaining 19 are classified as “beyond the functionality of the application.” In other words, according to Surfshark, Fitbit is collecting 19 types of data that it doesn’t actually need to run the app.
However, Surfshark states that Fitbit does not use this information for tracking.
Next up is Strava, which is arguably even hungrier for your data. Collects 21 different types of data and Surfshark says none of the data collected It is essential to run the application. It also shares data for tracking with third parties, according to the report. However, no sensitive data is collected.
Next up is Nike Training Club, which collects 20 different types of data, including sensitive data, and uses it for tracking purposes.
Centr was found to be at the bottom of the list with only three types of data collected, although it even shares data for tracking purposes. The report says PUSH distinguishes itself as “the least invasive app” as it collects data without linking it to users.
What does this mean for users?
While Fitbit being the leader in data collection isn’t necessarily surprising (after all, it’s run by Google and linked to your Google account, and Google is an operation famous for its data consumption), it doesn’t share your personal or sensitive data with third parties, according to the report, possibly because it’s been blocked from doing so.
When Google first acquired Fitbit in 2021, top economists feared the merger would “monetize health data and harm consumers.” Consequently, the European Commission stipulated that the merger could go ahead, but with a 10-year ban on using health data for marketing purposes.
Strava, an app based on sharing your location, has been in trouble for privacy issues many times. Accidentally revealed military bases in war zones by publishing heat maps of user activity. Journalists have also used government officials’ Strava accounts to predict the whereabouts of heads of state, including Joe Biden and Vladimir Putin, and our sister publication Cycling Weekly reported that hackers can find out where you live on Strava, even if you use tools to hide the start and end of an activity.
Perhaps most frightening of all is the potential for some apps to collect and share sensitive data, a type of personal information about your identity and health, including fertility data for people who use apps to track their periods, along with biometric and even genetic data. While this type of data has additional legal protections in some areas like the EU, thanks to the GDPR, there is no special protection for this type of data in the US when it is shared outside of a medical context.
5 ways to protect your privacy
It’s difficult to disassociate yourself from the complex web of shared personal information that constitutes the modern smartphone. Everything is connected, and the more it is shared, the easier it is for us to be hacked and tracked. Accepting the use of these applications, which otherwise offer really excellent services, means giving your consent for them to use your information in this way.
However, you can mitigate what data is collected and how much, and retain some semblance of control over who accesses your data.
- New accounts: Instead of using the same email for everything, you can create a new account, one that’s not tied to your personal life, specifically for logging into data-intensive apps.
- Check your permissions: Update the permission settings on your phone regularly. By doing this, you can deny permission to some apps to track your location or personal data where appropriate. You can also change the settings of certain apps from tracking you all the time to “While using the app” to retain some degree of control.
- Minimize location leaks: Walk or run a short distance from your home before starting a location-sharing activity on Strava or an equivalent app.
- Check the fine print: When downloading apps in the future, always scroll down the App Store or Play Store to check what data the app collects before agreeing to its terms of service.
- Multi-factor authentication: To avoid being hacked as a result of a data leak, make sure that all email addresses you use to sign up for these apps have multi-factor authentication enabled. It’s a simple trick that prevents your email account from being hacked in up to 99% of cases, according to Microsoft.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
