Health and fitness apps violate users' privacy

25 February 2016

Health and fitness apps share user data with partners and advertisers, and can store data after the account is deleted and track you when not in use, according to research by the Norwegian Consumer Council.

Read more about the Consumer Council’s Appfail campaign

Health and fitness apps can be enabling tools to get in better shape and gain greater control over your diet. Unfortunately, you often have to waive basic consumer rights in order to use these apps.

– The companies’ terms and practices violate users’ privacy and basic consumer protection. We also fear that this information could be used for harmful, direct marketing or price discrimination, says Finn Myrstad, Director of Digital Policy at the Norwegian Consumer Council.

Endomondo, Runkeeper, Strava, Lifesum and MyFitnessPal have all been analysed in the Consumer Council’s app review.

User can revoke license to user generated content:
Endomondo: red cross
Runkeeper: red cross
Strava: red cross
Lifesum: green check mark
MyFitnessPal: red cross

All results

Data transfers from Europe to the US

– Technical tests, conducted by the independent research organisation SINTEF on behalf of the Consumer Council, show that data is spread to a number of actors outside the EU.

The tests also revealed that Runkeeper and MyFitnessPal retrieve users’ location when the apps are not in use. Further, when downloaded, Endomondo also asks for access to iPhone users’ location when the app is completely turned off.

–  We do not understand why Runkeeper and Endomondo need their users’ location except during workouts. Tracking a user 24/7 is an extreme measure that can only be justified if it is central to providing the service and if the use of the location data is limited to that purpose, says Finn Myrstad.

MyFitnessPal trails the rest

All the apps fall short on decent consumer protection, but MyFitnessPal trails the rest, partly because of its long and ambiguous terms.

MyFitnessPal also demands that the user waives their rights to privacy over user-generated content. This includes profile pictures and user names. The user cannot revoke the licence to such use.

– Information relating to these kinds of services can be very private, and users should be guaranteed that it will not end up being misused, says Finn Myrstad. This serves to illustrate that we need stronger safeguards to ensure that foreign companies targeting European consumers follow the law and respect consumers’ fundamental rights.

The parent company of MyFitnessPal and Endomondo, Under Armour, announced this week, however, that they have overhauled their terms and that new terms will apply soon.

– We are pleased that there will be new terms for these two services and we will analyse these in detail, says Finn Myrstad.

Apps should provide more consumer friendly solutions

During the winter of 2016, the Consumer Council will evaluate consumer privacy for several social media and fitness apps and will submit an overall report before Easter.

– The purpose of our app campaign is to raise awareness of what we are agreeing to when we use apps. It is not to scare users but to give users information and to put pressure on apps to provide more consumer friendly solutions, says Finn Myrstad.



Øyvind H. Kaldestad

Communications adviser – digital rights and electricity

Press photo


Finn Myrstad, Director of Digital policy at the Norwegian Consumer Council.
