Security risks with using Free Step Tracking apps

This blog was written by an independent guest blogger.

Move to Earn (M2E) industry growing:

Currently, Move to Earn or free step tracking apps seek to improve the health of the users with innovative methods to earn money. Free step tracking apps are now mostly related to the blockchain industry aka “Move to Earn” technology. There are now hundreds of M2E apps in development. The idea is simple. You sign up in the app (using your email & full name), turn on location tracking & you’re good to go jogging , running & walking. Users get Coins for the effort, which one can sell on the open Crypto market for Fiat money. Remember, to earn you always need to have the internet access as well as location turned on. Otherwise, you will not be able to gain anything.

This may seem like not a big deal for many people who don’t know about the security & privacy risks attached to the app.  Surely, these are not the first apps which have asked location to be turned on. Many fitness trackers also require the location information to be available online.

Are step tracking apps safe?

Step tracking apps can pose serious security & privacy threats to the millions of users using M2E apps. When you run, the tracker monitors your location all the time. Also, most of these apps are not tested against security & privacy issues. They don’t have Responsible Disclosure programs where security researchers can report security issues. Oftentimes , we saw developers of these apps ignoring the reports by security researchers about the security risks attached with them.

Data can be shared or sold to third parties

Well, no one reads the lengthy privacy policy of the services. Meanwhile, advertisers & insurance companies really need the information related to your daily number of footsteps (which discloses some aspects of your health) and location. The US Health privacy Law HIPAA excludes these step tracking and fitness tracker apps. So, these step tracking (M2E) companies can share data with anyone they want.

Tough choice - Trade offs?

If we look at M2E , these apps have helped a lot of families around the world to earn a livelihood when there were no jobs due to the pandemic. During the pandemic, many companies have cut off their employees & people have limited choices to earn a livelihood.

So, it's a tough choice for many. Personally, I would never sign up for these apps as most of them are unsecured.

Poll Results:

Kate Brew, editor of the LevelBlue Cybersecurity blog, recently conducted poll on Twitter on whether people would use a step tracking app. Here are the final results:

Would you add a free app to your smart phone that allows you to track your number of steps per day for health reasons? Or advise friends and family to do so?

— Kate Brew (@securitybrew) June 30, 2022

Tips for users to ensure their privacy and security:

1. Always read the complete and critical points of privacy policy before you hit the sign-up button.
2. Check if the app requires 2FA Setup or not
3. Check where data is being stored. You can ask the developers about that.
4. Protect your anonymity with VPN
5. Turn off location tracking when the app is not in use
6. Avoid using public & unsecured Wi-Fi networks.