Here Are the Most (and Least) Secure Fitness Trackers

When you strap a fitness tracker or smartwatch to your wrist, you’re giving the device access to your most private information. 

A fitness tracker can tell where you are at any given moment, now that many include on-board GPS-tracking or connect to your smartphone's GPS. An activity band also knows how fast your heart beats, how stressed you are and even how deeply you sleep. That’s why it’s essential for wearables to prove they can be trusted with that data.

The results of in-depth testing from the noted AV-Test IT-security research lab prove that fitness trackers have drastically improved their security over the last few years.

The top-selling wearables, the Apple Watch Series 3 and Fitbit Charge 2, passed the tests with flying colors. Huawei, Garmin, Nokia, Samsung, TomTom and Jawbone (which is leaving the fitness tracker business altogether) also make secure devices. Lenovo’s HW01 failed the tests, but given that it’s tough to find that band in stores or online anywhere, we’re guessing few people will be affected by its poor security.

In the aftermath of February’s MyFitnessPal hack, which affected 150 million users who track their calories and workouts in the app, AV-Test tested how the leading wearable makers secure the transmission of your data from the device to the cloud. The lab’s testers also evaluated the security of your data as it is transmitted from your fitness tracker to your smartphone. Nine out of the 13 devices tested transmitted your data only to the authenticated device (your phone).

Four of the trackers revealed security holes when sending data to smartphones. One device, Medion’s Life S2000, required no authentication and sent data over an unencrypted wireless connection. (This is very, very bad.) Moov’s popular Now tracker facilitates a Bluetooth connection when you press the device’s push button, but after that connection is initiated, anyone can connect to your device without authentication. The connection also isn’t encrypted.

AV-Test Institute also looked at how secure each band’s app and online account are for storing the information it collects. Apps from Xiaomi, Moov and Medion contain in-app ads, which earned low marks from the lab’s testers.

“Such modules do not belong in apps of fitness trackers,” the AV-Test Institute concluded.

Following the kerfuffle over what companies can do with your data, thanks to Facebook’s fast and loose handling of the information you store on its platform, the testers also looked at each tracker’s privacy policy.

The good news is that almost every wearable prevents third parties from accessing your information without your consent, except for Lenovo. The company’s fitness-tracking app was not only connecting with unknown third parties during the lab’s tests, but Lenovo also stores its privacy policy on a Facebook server. If you happen to see the HW01 in the wild, resist temptation and choose a fitness band that pledges to keep your health data secure.

Caitlin is a senior editor for Gizmodo. She has also worked on Tom's Guide, Macworld, PCWorld and the Las Vegas Review-Journal. When she's not testing out the latest devices, you can find her running around the streets of Los Angeles, putting in morning miles or searching for the best tacos.