Friday, February 13, 2015

Android Wear and Google Fit and its privacy and security

I have had the Motorola Moto 360 Android Wear smartwatch in my possession for a while now. Generally speaking I am very content with the watch, although it has no standout features (yet?). It is a nice extension to an Android smartphone. It is not a smart device on its own, but personally I think this is a good way to move towards the "one device, multiple screens" principle.

[Image: the Moto 360. Caption: This is the one :)]
This is not a review of the Moto 360 itself though. Instead I will take a closer look at the Google Fit service and its privacy and security characteristics, because such a service gets used much more readily when you have more sensors on and around your body. It is important to know that you do not need a smartwatch to use Google Fit, but it certainly enhances the experience. For the record, I have used Google Fit for more than a month now.

For those curious about the accessories and the leather band, click here: SteelConnect M and Fossil 22mm Flight ACH2696.

What is Google Fit?

Google Fit is a service that provides functionality like heart rate monitoring, step counting, calorie burning and activity monitoring. It can also distinguish between walking, running and bicycling. It appears that when you drive a car or go by train (probably simply when moving faster than a certain speed) it will not count towards your activity. So no cheating there!

The types of data that are automatically collected are:
  • Steps / distance
  • Time of activity
  • Detection of going by foot (walking and running) or bike.
  • Location data
The types of data that are manually collected are:
  • Heart rate
  • Weight
  • Height
  • Gender
Based on that data you can generate graph views going back to whenever you started collecting the information above. You can also define your daily goal of activity time and select the units in which all measurements are presented.

[Image: an example of a Google Fit graph]
[Image: an example of Google Fit on Android Wear]
You can find the Google Fit support page here.

Activity Detection and Accuracy level

In the Google Fit app there are two settings I want to mention. The first one is Activity Detection. When enabled, the app puts all the sensors to work to detect whether you are being active or not. The service runs continuously in the background and, when activity is detected, the data is collected.

The other setting, which was added in a recent update, reflects the new GPS functionality. If you enable this feature you allow other apps (and thus also Google Fit itself) to improve distance and location tracking while you perform your work-out. The warning about reduced battery life holds true, and ultimately I disabled this feature myself.

Despite the fact that this functionality was only recently added to the app, the data was actually already being collected. It can now be more accurate than before (apparently), and the data now also shows up in your dashboards in the app and on the website.

So what is collected in summary?

Google Fit collects data about you being active and inactive. It can sense whether you are likely walking, running, biking, moving by car or train (it just ignores those), or doing nothing at all. While you do that, Google Fit can measure how fast you are going and exactly where you are at that moment. And when you submit your heart-rate data, height and weight, it will use that data too. Google Fit can correlate this data into a view of your movements, physical condition and whereabouts during a specific time period.

What are the privacy and security features of Google Fit?

The privacy and security features are important, so here is a small list.
  • Communication with the service goes through a secure connection. See the image below for the details about the security. It is not possible to communicate with the service over an insecure connection, and there is no way to use Google Fit without a Google Account. Protect your Google Account with good security, especially when collecting health data about yourself.
  • Delete History feature. This deletes all your Google Fit data on the Google services. When you want to stop using Google Fit, first disable it or remove it from all your devices. Then delete your history through the website itself.
  • Third-party connections. When you want third-party apps to connect to your Google Fit data, you have to explicitly give permission first. Beware here, because those apps can also store data in your Google Fit service and can share or use that data in other ways than Google intends with this service. You can find more about this here.
[Image: information about the security of the connection]

What about the privacy policy of Google Fit?

When you enter "privacy policy google fit" in your search engine, you cannot easily find information about this subject. But there is some information to be found. Let's start with an overview of the Google Fit platform.
[Image: Google Fit platform overview]
The platform overview website of Google Fit describes the fitness store as follows.
The fitness store is a cloud service that persists fitness data using Google's infrastructure. Apps on different platforms and devices can store data and access data created by other apps. Google Fit provides a set of APIs that make it easy to insert data and query the fitness store.
The way the service works is explained in a short but transparent manner. There is no easy way to find specific privacy information about Google Fit though. When you look at the Terms of Service (ToS) of Google Fit for developers, you can find the following Use Limitations.
Google does not intend Google Fit to be a medical device. You may not use Google Fit in connection with any product or service that may qualify as a medical device pursuant to Section 201(h) of the Federal Food Drug & Cosmetic (FD&C) Act.
Unless otherwise specified in writing by Google, Google does not intend uses of Google Fit to create obligations under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). Google makes no representations that Google Fit satisfies HIPAA requirements. If you are or become a Covered Entity or Business Associate under HIPAA, you agree not to use Google Fit for any purpose or in any manner involving Protected Health Information (as defined by HIPAA) unless you receive prior written consent to such use from Google. You acknowledge that upon discovery of a violation of this provision, Google may terminate your use of Google Fit. You are solely responsible for any applicable compliance with HIPAA and agree to hold Google harmless for any uses contrary to this provision.
They pretty much say that Google Fit is not suitable for anything related to healthcare or health insurance (I understand that), nor does it claim to have the same security level as healthcare or health insurance services (frowny face here). This last part might be a problem if you consider that there is a fine line between health data and medical data. Where does one end and the other begin?

In the end, there is no specific privacy policy for Google Fit. I cannot find it, but if you can, please let me know!

Okay, so what about the general privacy policy of Google?

Since there is no specific privacy policy for Google Fit, we have to assume that the general privacy policy of Google applies to this service. Another reason for this assumption is the fact that you need a Google Account to use Google Fit in the first place, and thus it all falls under the same general privacy policy.

You can find which types of information are gathered by the Google Fit services and their third-party applications above. So to keep this blog post somewhat short, I am going to skip that part of the privacy policy and move straight to how information is used and shared.

Your Google Fit data might be used for:
  • Improving Google services.
  • Showing more relevant search results.
  • Combining health data with other Google services.
  • After anonymization, sharing with their partners such as publishers and advertisers.
  • Sharing with partners to which Google has outsourced services.
  • And sharing for the obvious legal reasons. Keep in mind that governments or intelligence agencies might get your health data from Google Fit more easily than from healthcare or health insurance companies.
There is also a short section about sensitive data; this is Google's statement about sensitive information.
This is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.
And when information is classified as sensitive, Google claims in its privacy policy that it will only be shared after you give your explicit consent.

The big question that remains is: "Does Google consider Google Fit data to be confidential medical facts?" I cannot find an explicit statement that it does.

And what about third-party apps and services?

Technically speaking the Google Fit service is well protected and you can enhance your own Google Security with things like 2-Step Verification or even with a FIDO U2F Security Key. As Ken Taylor correctly states in the comments below, this security becomes far less relevant when you connect third-party apps or services to your Google Fit data.

Apps you connect to the service can use your data, and therefore the privacy policy of the third-party app or service applies to that specific data exchange. Whereas Google Fit won't sell your data, the third-party app just might. Or perhaps something even more nefarious is done with your data.

In this area the Google Privacy Policy offers no protection. The data exchange is secure and the authentication is based on OAuth, but once the data has been transferred to the third party, there simply is no protection from Google anymore.

Do I have to worry?

If you just use Google Fit as is and do not incorporate third-party apps and services, I tend to say that you won't have to worry. Just don't act surprised when you see an ad for fat-burner pills or awesome new running shoes on a website after using Google Fit for a while. Google does not state anywhere that it won't do that, and its privacy policy is not entirely transparent about this topic, especially considering its statement that Google Fit is not a medical device.

For third-party apps and services, really read their privacy policy before sharing data such as your health data. Be cautious here.

It is up to you now to decide what you will do. Are you sharing data with third parties? If yes, which ones? And did you read their privacy policy? If you want, you can leave a comment to discuss these questions.

--
This post has the tag: update, meaning it will be updated when new information becomes available and/or relevant.

3 comments:

  1. I don't think it is valid to say "Technically speaking the service is well protected and you can enhance your own Google Security..." The security on your google account is irrelevant once you give permission to a third party to integrate with Google Fit and you link to the Google advice that tells you this.

    So the privacy policies of Google are no more important than the privacy policies of the third party apps that link to it and the integrity of those app developers. If there is some way to exploit Google Fit data, the way to do that at scale is to incorporate the logic into an app, for example an online app that processes and presents the data in an interesting way. Then after people allow your app access to their data you can undertake your nefarious activity anytime you like and Google even provides your data store for free.

    This weakness probably can't be avoided for this type of service but your analysis concentrates on what Google might do with your data while ignoring what third parties might do with it.

    Replies
    1. First of all, thanks for taking your time to write such a nice and well thought out comment!

      You are completely right with your statement, and I will change my post accordingly (with credits to you) this week. I indeed concentrated on Google only, but I now see that it is a bit too narrow because of the third-party apps that can integrate with it. It is indeed not only about the technical security of the data on the Google servers itself, but also the privacy policies of the third-party apps and services.

      Thanks again, and I will let you know as soon as I have adjusted it.
    2. I have updated the post. Thanks again!