That fitness app on your phone is likely likely leaking personal data

Health and fitness apps are a great way to get to know your body, take care of your mindset, and even track sleep cycles— but all those fitness apps might be hurting you as they can access and share intimate personal data.

According to a new study published in the British Medical Journal, health and fitness apps that help smartphone users track every step of their wellness journey could be stealing their private information.

How health apps are violating your privacy

The study found that more than 20,000 different health-and-fitness-related apps have inadequate privacy disclosures that, in turn, prevent the average user from making informed choices about what’s actually going on with their data. At least a third of these apps collect user email addresses. Even more significant, these apps share data with third-party businesses including advertisers.

In addition, many of the apps used insecure communication protocols, had no privacy policies in place, or only technically complied with what privacy policies there were. Despite this, just 1.3% of user reviews raised concerns about their privacy.

The more health apps, the more vulnerable you are

The rise of both smartphone and wellness apps throughout the pandemic has made privacy concerns even more pressing to critics. Technology companies are trying to strike the right balance between the public’s call for more digital privacy and the financial needs of developers.

Most recently, Google has announced it will create a new safety section in its Play app store. Apple offers an anti-tracking feature that lets iPhone users refuse apps access to their personal data and browsing history.

The FDA recommends that manufacturers of medical devices, including app developers,  be required to incorporate risk management into the lifecycle of the products to help protect patients and users. It wants app developers and the like to “address vulnerabilities which may permit the unauthorized access, modification, misuse, or the unauthorized use of information that is stored, accessed, or transferred from a medical device to an external recipient, and may result in patient harm.”

But until there have been actionable changes in how health and fitness apps manage, store, and protect sensitive health-related data, users should carefully consider exactly what they’re really willing to expose.

The FDA has yet to name a finite date in which these changes will go into effect.