A look at the security and privacy of Fitbit as a health activity tracker

Abstract

Given the popularity of consumer grade wearable health trackers, there is an increasing need to evaluate their accuracy and security. In this paper, we present the results of a study with 24 participants who used and evaluated a small form factor personal health device, the Fitbit Blaze. Our study includes both the analysis of data taken from an exercise-based experiment and a review of the security risks associated with current protocols used to access Fitbit device data and participant information. In addition to discussion of the FitBit’s accelerometer and pulse data as compared to clinical grade devices, we gathered and analyzed subjective participant data on usability and perception of privacy and security using both quantitative and subjective methods. Results showed that FitBit accuracy was not equivalent to medical grade devices, that a majority of risk comes from potentially fraudulent third party applications, and that users are typically justified in their concerns.