- News
- Reviews
- Bikes
- Accessories
- Accessories - misc
- Computer mounts
- Bags
- Bar ends
- Bike bags & cases
- Bottle cages
- Bottles
- Cameras
- Car racks
- Child seats
- Computers
- Glasses
- GPS units
- Helmets
- Lights - front
- Lights - rear
- Lights - sets
- Locks
- Mirrors
- Mudguards
- Racks
- Pumps & CO2 inflators
- Puncture kits
- Reflectives
- Smart watches
- Stands and racks
- Trailers
- Clothing
- Components
- Bar tape & grips
- Bottom brackets
- Brake & gear cables
- Brake & STI levers
- Brake pads & spares
- Brakes
- Cassettes & freewheels
- Chains
- Chainsets & chainrings
- Derailleurs - front
- Derailleurs - rear
- Forks
- Gear levers & shifters
- Groupsets
- Handlebars & extensions
- Headsets
- Hubs
- Inner tubes
- Pedals
- Quick releases & skewers
- Saddles
- Seatposts
- Stems
- Wheels
- Tyres
- Health, fitness and nutrition
- Tools and workshop
- Miscellaneous
- Buyers Guides
- Features
- Forum
- Recommends
- Podcast
TECH NEWS
2021 Supplement Timing personal dataPeloton, Strava and TrainerRoad collect and share the most personal data, finds new cycling app study
Peloton, Strava and TrainerRoad have been found to be the most 'personal data-hungry' cycling apps, according a recent study by Supplement Timing.
Supplement Timing looked at over 100 of the most popular fitness and health apps available on the app store, releasing its findings to rank them according to which share the most and least of your personal data.
> 29 best cycling apps — explore the ways your phone can help your riding
“Which data could possibly be more personal than your health and fitness stats?”, asks Supplement Timing. Well, if this is a concern for you, the full breakdown of the data being tracked, both by default and as a optional setting, can be seen in the table below.
The team read the user agreements and privacy policies of each app to discover which ones are collecting and sharing the most personal data with third parties.
The Peloton fitness app, with live classes as well as a back catalogue of previous classes, was found to track the most personal data, with Strava coming a close second.
> 8 things you didn’t know about Strava — advanced features for exploring and performance analysis
Fulgaz, an Australian app that uses real-world videos of cyclists, was found to store the least amount of data of the apps analysed, with Bkool Simulator and Wahoo Fitness not too far behind.
> 12 of the best indoor cycling apps - get the right turbo training experience for you
“Supplement Timing believes that whether it's your fitness regimen, the food you eat, or the supplements you take - everybody can push themselves to harder, better, faster and stronger.
“But in today’s technologically-driven world, many of the apps we use to keep track of our nutrition and our workouts come with a cost - our personal data.
“Supplement Timing wanted to bring this to light to help you achieve your fitness goals while retaining your privacy.”
> Zwift vs TrainerRoad: Which is best for you?
Nutrition and weight loss apps were also found to be the ones most likely to track personal data by default without alerting you, while FitBit is the step counter app that collects and shares your data the most.
At the other end, yoga, mental health and sleep tracking apps are the least hungry for your personal data.
Methodology
For each app, Supplement Timing says it analysed the official privacy policy as provided on their website or on the website of the parent organisation:
“Where possible, a distinction was made between the information users have to provide to use the app and its features, and the information users can choose to share with the app", it said.
For each of the 27 types of personal data identified, Supplement Timing says it give an app 2 points if a certain type of data was tracked by default, and 1 point if that type of data was tracked only if users gave permission for it to be tracked.
Supplement Timing's full study can be found here and all of the data is over here.
Could this information change which fitness apps you use, and the way you use them? Let us know in the comments as always.
Latest Comments
- ktache 2 hours 37 min ago
The small frame, the aggressive posture, lots of standover height.
- mctrials23 3 hours 32 min ago
As i've said before, the police should be sued for a lot of money when someone they have knowingly ignored has gone on to commit a serious crime....
- David9694 3 hours 40 min ago
'Bad parking' blocks firefighters multiple times on same emergency call-out...
- David9694 3 hours 44 min ago
Cambridgeshire boy, 13, crashes Audi into garden wall after taking it from home...
- Adam Sutton 4 hours 30 min ago
Good stuff. Now do it on cycleway C9 through Hammersmith to Chiswick.
- mark1a 4 hours 39 min ago
It's technically allowed but it's not known as "London's Orbital Car Park" for nothing.
- Dogless 5 hours 47 min ago
You're defending bombing hospitals and refugee camps and starving children.
- mattw 8 hours 27 min ago
Used car salesman is a complete attention-seeking plank....
- tubasti 8 hours 44 min ago
I don't know if they're any better, but they's certainly become more boring.
- FionaJJ 9 hours 10 min ago
At risk of being cynical, and stereotyping the police, it's so they don't have to leave the comfort of their panda cars and pursue on foot when...
Add new comment
10 comments
Who could ever have guessed that Strava knows who I am, where I am, that I have a Garmin Edge, what language I speak, and what my workout details are! Isn't that precisely why we use it?
My FitnessPal should get a special mention, for selling limited data to food companies and then selling ALL their amassed data to Under Armour.
Don't forget the 2018 data breach at MFP - 144 million unique email addresses with usernames, IP addresses and passwords that were for sale on the dark web.
Alongside what Facebook know about you (and let people do with that information), data breaches are far, far more scary than Under Armour knowing what I put in my porridge.
So the article is headed up to be about what data they "collect and share", but then all the detail, including the infographic, is about what they collect, which is the less interesting part of the question. What they collect will in part be determined by the features they need to support. The more important question is how much of that data are they making publicly available or providing to third parties without people realising it.
[Also, there's at least one inaccuracy in there - it claims that Rouvy doesn't collect heart rate data, which it definitely does - which makes me wonder about the rigourousness of their study.]
Indeed - it's a lot easier to know that you are giving to an app in return for its services, but far more crucial is what the company that runs that app then does with it. If it's not shared at all or not used for purposes other than to support the app features then no biggy...
There's a movement out there these days, with user experience strategists like Gerry McGovern, all pointing out that the amounts of data being collected is a biggy. As is the lack of any clear commitment to what happens to it.
They should limit the amount of data they collect - by design. And should routinely delete it - by design
If you think this is trivial, note that the tech giants collect your data by buying up companies mainly for the datasets. They then match them up into mega datasets. So this is not trivial or innocent at all
A lot of this is unnecessary. For example if you bought an app and paid for it in app, the service provider does not intrinsically need to know your personal name or your home address. And having that data makes it all the more risky when the app is tracking your location.
Note also that smartphones actually leak your location data in full because they inherently have a function that provides 3D gyroscopic tracking of your motion even when offline. So effectively many of these apps are tracking you 24-7-365. That's just nothing to do with your workout. It's mass surveillance for commerce
...until they get hacked or bought, either or both of which is pretty likely to happen. So, how much of this data do they actually need to provide the service, and for how long is it necessary to keep it?
...or, of course, until they just get careless? Whatever you put into these apps gets "shared", one way or another.
https://www.theverge.com/2021/5/5/22421329/peloton-api-bug-customer-data...
Yet another one, and it won't be the last. The article says that he reported it to the company in January and they only 'fessed up now when he went public!
It's shocking how little people care about their personal data being shared or even sold online. Once it's out there in the wild you can never get the genie back in the bottle. Identity fraud, banking fraud, phishing and ransomware are all far more likely to succeed.
It's why my kids have multiple email addresses, use fake DOB on social media etc. Only the government, my bank, insurer etc need genuine information, the rest can have false info. Quite a few sites I've registered with have an old address and telephone number as there is absolutely no reason for them to know my home address.
I have had my first jab, so bill gates knows where i am at all times anyway