By Matt Golabek & Trevor Morgan 

From calorie counters to food delivery services to secret and deceptive “vaults” to hide info from parents, millions of humans are tethered to smartphones as if they were their only lifeline. With the convenience, however, come potential risks for the user.

IBM’s Cost of a Data Breach Report 2019 identified the following startling figures:

  • Average total cost of a data breach: $3.92 million;
  • Average size of data breach: 25,575 records;
  • Time to identify and contain a breach: 279 days;
  • Highest country average cost: United States, $8.19 million; and
  • 2019 odds of a data breach within two years: 29.6%, up from 27.9 in 2018.

While these data critically inform decisions and actions taken by CEOs, investigative analysts, and cybersecurity professionals in an effort to protect a company’s assets, they are also important to the average consumer.

Take, for example, the popular app MyFitnessPal. In February 2019, it was reported that 151 million accounts were breached and being sold on Dream Market, a nefarious site on the anonymous Dark Web where drugs, stolen data, and counterfeit consumer goods were being sold. It closed “shop” a month later, with rumors that law enforcement had been breathing down its cyber neck. Another popular app, DoorDash, had a data breach of 5 million records in 2019.

This new Hg blog series is based on our February FactSheet, What the APP?! Top Social Media APPS and the Lowdown on What Info They Collect, in which our seasoned analysts compiled a list of popular apps used by teenagers and adults to better inform readers of what information each app is collecting. You can download the full FactSheet for free, and we encourage you to share it with others.

This week, we review 5 popular fitness and health apps.

Fitness & Health

Lifesum

This app is perfect for keeping track of dietary habits, fitness routines, and personal information. Per their privacy policy, this app collects login information, weight, height, date of birth, gender, daily workout routine, and calorie intake. If linked with third-party services, information from them may be collected and shared as well. A review of this privacy policy might have its users running—with no app needed. View its privacy policy.

MapMyFitness

Map My Fitness app aggregates the most common and popular walking, running, riding, or hiking routes throughout the world. This app tracks every stride, calorie, and second an individual may take while on this route; and this is where the problems occur. Map My Fitness collects several personal details from you such as name, email address, precise location, and your fitness and wellness data. This means that others using this app could potentially see this information and in no time, unwanted companions could be joining your workouts. View its privacy policy.

MyFitnessPal

With consent, this app has full access to view a user’s location, gender, age, device information, and health summary. When matched with an email and login, this app can deduce both physical and technological identifiers. View its privacy policy.

MyPlate

Offered by Livestrong.com, MyPlate is an app that tracks much more than calories. The following information may be collected upon registration: name, email address, mailing address, phone number, interests, login information, and information provided through surveys. MyPlate may share this information with advertisers and marketers, making private life more open and transparent. View its privacy policy.

Noom

Targeted at millennials and designed by behavioral psychologists, this app is built for long-term weight loss. However, it also collects confidential personal information. This data may include: first and last name, username, password, gender, age, country, zip code, IP address, and health information. If breached, this app will expose all these identifiers. View its privacy policy.

Matt and Trevor are investigative analysts at Hetherington Group, where they use their open source research skills to extract data from social media accounts, conduct risk assessments, and monitor subjects for clients in pharma, tech, retail, and entertainment. Both are contributing writers to Hg’s Data2Know, Industry Undercover, and OSINT Slack channels. On their lunch breaks, they can be found outside playing frisbee with their four-legged colleagues.