Fitbit, Strava and Nike Training Club are the most data-hungry fitness apps according to a new report — here are 5 ways to protect your privacy


  • Online privacy app Surfshark analyzed 16 different fitness apps
  • It reported on how much personal data these apps collect, with Fitbit and Strava collecting the most
  • Here's what it means for users of these apps, and a few simple ways to better protect your privacy

It’s fitness season, and now that the holidays are over a lot of people will be downloading a new fitness app to go with their resolution to get fit, build muscle or lose weight in 2026.

But fitness apps are as data-hungry as any other app, logging and sometimes sharing personal data – including sensitive information you might rather keep private.

A study from online security firm Surfshark looked at 16 of the top fitness apps, including Fitbit, Strava, Apple Health, PUSH, Centr and more, using TechRadar’s own list of the best fitness apps in conjunction with other sources, and ranked them in terms of how much data they collected.

The rankings are based on the different kinds of data collected, such as location, contact information, health or search history. Surfshark also looked at whether the app used data for tracking.

Apple defines tracking as “the act of linking user or device data collected from your app with user or device data collected from other companies’ apps, websites, or offline properties for targeted advertising or advertising measurement purposes.

“Tracking also refers to sharing user or device data with data brokers.”

The Surfshark report also recorded which apps were collecting data that they don’t actually need for app functionality. You expect a fitness app to collect health and fitness data, for instance, but you might not expect it to collect information about your search history or advertising data.

Four apps collect ‘sensitive data’, a category of data pertaining to race or ethnic background, sexual orientation, fertility data, genetic information, biometric data, or even information about your employment status or trade union membership.

All the information was gathered from Apple’s App Store. You can see a screenshot below of Fitbit’s listing on the App Store, which illustrates some of the different kinds of data collected.

The results

Fitbit is top of the list, collecting 24 different kinds of data, including advertising and sensitive data. Of these, only five kinds of data are needed for app functionality, with the remaining 19 ranked as 'beyond app functionality'. In other words, according to Surfshark, Fitbit is harvesting 19 kinds of data it doesn’t actually need to run the app.

However, Surfshark states that Fitbit doesn’t use this information for tracking.

Next up is Strava, which is arguably even more hungry for your data. It collects 21 different kinds of data, and Surfshark says none of the data collected is essential to running the app. It also shares data for tracking with third parties, according to the report. However, no sensitive data is collected.


Next up is Nike Training Club, which collects 20 different kinds of data, including sensitive data, and uses it for tracking purposes.

Centr was found to be at the bottom of the pile with just three kinds of data collected, although even it shares data for tracking purposes. The report said PUSH sets itself apart as “the least invasive app”, collecting data without linking it to users.

What does this mean for users?

While Fitbit being the data-collection leader isn’t necessarily surprising (it’s run by Google and linked to your Google account after all, and Google is a famously data-hungry operation), it doesn’t share your personal or sensitive data with third parties, according to the report – possibly because it’s been prevented from doing so.

When Google first acquired Fitbit in 2021, there were concerns among leading economists that the merger would “monetize health data and harm consumers”. Consequently, the European Commission stipulated that the merger could go ahead, but with a 10-year ban on using health data for marketing purposes.

Strava, an app based on sharing your location, has been in hot water for privacy issues plenty of times. It has accidentally revealed military bases in war zones by releasing heatmaps of user activity. Journalists have also used Strava accounts of government officials to predict the whereabouts of heads of state, including Joe Biden and Vladimir Putin, and it was reported by our sibling publication Cycling Weekly that hackers can find out where you live on Strava, even if you use tools to hide the start and end of an activity.

Perhaps scariest of all is the possibility that some apps collect and share sensitive data, a class of personal information about your identity and health, including fertility data for people using apps to track their periods, along with biometric and even genetic data. While these kinds of data have extra legal protections in some areas like the EU, thanks to GDPR, there’s no special protection for this sort of data in the US when it’s shared outside of a medical context.

5 ways to protect your privacy


It’s hard to uncouple from the complex network of shared personal information that is the modern smartphone. Everything is connected, and the more it’s all shared the easier it is for us to be hacked and tracked. Agreeing to use these apps, which otherwise offer some really great services, means consenting to their use of your information in this way.

However, you can mitigate what and how much data is collected, and retain some semblance of control over who accesses your data.

  1. New accounts: Rather than using the same email for everything, you could create a new account, one not tied to your personal life, specifically for logging into data-hungry apps.
  2. Check your permissions: Update the permission settings in your phone regularly. By doing this, you can deny some apps permission to track your location or personal data when appropriate. You can also change the settings on certain apps from tracking you all the time to ‘While using the app’ to retain a degree of control.
  3. Minimize location leaks: Walk or run a short distance away from your home before starting a location-sharing activity on Strava or an equivalent app.
  4. Check the small print: When downloading apps in future, always scroll down in the App Store or Play Store to check what data the app collects before agreeing to its terms of service.
  5. Multi-factor authentication: To avoid being hacked as a result of a data leak, make sure all email addresses you use to sign up for these apps have multi-factor authentication enabled. It’s a simple trick that prevents your email account being hacked in up to 99% of cases, according to Microsoft.


Matt Evans
Senior Fitness & Wearables Editor
