| dc.description.abstract | The technology is constantly evolving with use of personal data as a central component of new applications and services. At the same time, physical activity has become an important part of the modern society. This has led to an increased use of wearable fitness devices, as a common accessory for both professional athletes and regular people. These devices help people track their health and activity progression, as well as it serves as a motivational factor. The wearable fitness devices are usually connected to a smartphone through an application provided by the manufacturer. Through these apps, a user can review historical activity data and plan future sessions. The data is also often made available through the manufacturer s website, but this requires login. When using these devices and services, one may ask whether users accept the terms of use without knowing the details of how the personal information is handled.
This thesis investigates privacy leakage by identifying where data is shared from the applications to other destinations on the Internet. It also examines the active tracking mechanisms used on the manufacturer s websites. The study evaluates three major manufacturers of wearable fitness devices. The test results are discussed with respect to the privacy policies of the companies. I have defined the following research questions for the thesis:
1. Is the information provided by the manufacturers sufficient for the users to fully understand the extent of the data sharing?
2. Are there any undisclosed parties that receive information about the users?
3. What incentives do the manufacturers have for collecting user data?
4. How is the distribution of responsibility for handling the personal data in question?
The result shows that multiple third parties receives data from both the applications and the websites. Further, their privacy policies do not give sufficient information about who is receiving the data or for what purpose. In general, the policies are vague and hard to understand for a regular user. This shows that there is a need for better regulation in the future, to ensure that all parties responsible for processing of personal data are forced to improve their operations. | |
