- Online privacy app Surfshark analyzed 16 different fitness apps.
- It reported on the amount of personal data collected by these apps, with Fitbit and Strava collecting the most.
- Here’s what that means for users of these apps and some easy ways to better protect your privacy.
It’s fitness season, and now that the holidays are over, many people will be downloading a new fitness app to accompany their resolution to get in shape, build muscle, or lose weight in 2026.
But fitness apps are as data-intensive as any other app, sometimes recording and sharing personal data – including sensitive information you’d prefer to keep private.
A study from online security company Surfshark looked at 16 of the best fitness apps, including Fitbit, Strava, Apple Health, PUSH, Centr and more, using TechRadar’s own list of the best fitness apps in conjunction with other sources, and ranked them based on the amount of data collected.
Rankings are based on the different types of data collected, such as location, contact details, health or search history. Surfshark also checked whether the app was using data for tracking.
Apple defines tracking as “the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for the purposes of targeted advertising or ad measurement.”
“Tracking also refers to sharing user or device data with data brokers.”
The Surfshark report also recorded which apps were collecting data they didn’t actually need to function. You’d expect a fitness app to collect data about health and fitness, for example, but you might not expect it to collect information about your search history or advertising data.
Four apps collect “sensitive data,” a category of data relating to race or ethnicity, sexual orientation, fertility data, genetic information, biometric data, or information about your employment status or union membership.
All information was collected from the Apple App Store. You can see a screenshot of Fitbit’s listing on the App Store below, which illustrates some of the different types of data collected.
The results
Fitbit tops the list, collecting 24 different types of data, including advertising and sensitive data. Of these, only five types of data are necessary for application functionality, with the remaining 19 classified as “beyond application functionality”. In other words, according to Surfshark, Fitbit collects 19 types of data that it doesn’t actually need to run the app.
However, Surfshark clarifies that Fitbit does not use this information for tracking purposes.
Next comes Strava, which is arguably even more data-intensive. It collects 21 different types of data, and Surfshark says none of the data collected is essential to run the application. It also shares tracking data with third parties, according to the report. However, no sensitive data is collected.
Next up is Nike Training Club, which collects 20 different types of data, including sensitive data, and uses it for tracking purposes.
Centr ended up at the bottom of the list with only three types of data collected, even though it shares data for tracking purposes. The report states that PUSH stands out as “the least invasive app,” collecting data without linking it to users.
What does this mean for users?
While Fitbit being the leader in data collection isn’t necessarily surprising (it’s run by Google and tied to your Google account after all, and Google is a notoriously data-intensive operation), it doesn’t share your personal or sensitive data with third parties, according to the report — perhaps because it’s been prevented from doing so.
When Google first acquired Fitbit in 2021, prominent economists worried that the merger would “monetize health data and harm consumers.” As a result, the European Commission stipulated that the merger could go ahead, but with a 10-year ban on the use of health data for marketing purposes.
Strava, an app based around sharing your location, has repeatedly been in hot water over privacy concerns. It accidentally exposed military bases in war zones by posting heat maps of user activity. Journalists have also used the Strava accounts of government officials to predict the whereabouts of heads of state including Joe Biden and Vladimir Putin, and our sister publication Cycling Weekly reported that hackers can find out where you live on Strava, even if you use tools to hide the start and end of a race.
Perhaps scariest of all is the possibility that some apps will collect and share sensitive data, a class of personal information about your identity and health, including fertility data for people using apps to track their periods, as well as biometric and even genetic data. Although these types of data have additional legal protections in some areas like the EU, thanks to GDPR, there are no special protections for this type of data in the United States when shared outside of a medical context.
5 ways to protect your privacy
It’s hard to dissociate yourself from the complex web of shared personal information that is the modern smartphone. Everything is connected, and the more everything is shared, the easier it is for us to be hacked and tracked. Agreeing to use these apps, which otherwise offer really interesting services, means consenting to them using your information in this way.
However, you can limit what data is collected and how much, and maintain some semblance of control over who accesses your data.
- New accounts: Rather than using the same email address for everything, you can create a new account, independent from your personal life, specifically for logging into data-intensive apps.
- Check your permissions: Review your phone’s permission settings regularly. By doing this, you can deny certain apps permission to track your location or personal data, if applicable. You can also change settings for some apps, from “Always Tracking” to “While Using the App”, to maintain some degree of control.
- Minimize location leaks: Walk or run a short distance from home before starting a location sharing activity on Strava or an equivalent app.
- Check the fine print: When downloading apps in the future, always scroll down in the App Store or Play Store to review the data collected by the app before agreeing to its terms of service.
- Multi-factor authentication: To avoid being hacked following a data breach, make sure that any email addresses you use to sign up for these apps have multi-factor authentication enabled. This is a simple trick that prevents your email account from being hacked in up to 99% of cases, according to Microsoft.




