With Rising Popularity of Wearables, Data Protection Hiccups Remain

More than 485 million wearable tech devices will ship to consumers annually by 2018, according to analyst predictions. But as these devices grow in popularity and number, so do concerns about protecting the data they generate.

Wearable technologies like the forthcoming Apple Watch and Fitbit, for example, can record the location and daily routines of users, information that could be tempting for hackers to exploit. Here's a look at the data protection challenges wearable technologies pose to two industries: 

The data that healthcare and fitness apps produce is valuable to advertising agencies and other third-parties looking to generate personalized ads and offers. Burglars, too, could use that data to track when users aren't at home. A 2013 study by Privacy Rights Clearinghouse found that of the 43 popular health and fitness apps researchers studied, many apps did not encrypt user data, and fewer than half provided a link to a privacy policy. What's more, many apps connected to third-party sites without users' knowledge.  

Healthcare data is personal, and users expect the apps to keep their sensitive data safe and secure. Some experts speculate that data management concerns caused Apple to pull its HealthKit feature from iOS 8, shortly after the company announced the new toolkit. HealthKit gives developers access to Apple's Health app, which monitors and consolidates data about users' caloric intake, heart rate, nutrition, cholesterol and blood type. 

Apple updated HealthKit's developer program license agreement to better protect users' personal data. Now, developers cannot “share user data acquired via the HealthKit API with third parties without user consent,” or use user data gathered from the API “for advertising or other use-based data mining purposes.” Fitbit also recently updated its privacy policy to stop the app from selling or sharing personally identifiable data unless users opt in.

Wearable tech devices that don’t provide a privacy policy should raise a red flag. Using portable Bluetooth scanning devices, a Symantec researchers found that the apps they encountered contacted an average of five unique domains each. In addition, they found that 20 percent of these apps transmitted user credentials in clear text. What does that mean for users? If apps don't encrypt data, then users and passwords may be compromised. This vulnerability, combined with users' tendency to reuse login credentials, could allow hackers to gain access to accounts with sensitive personal and financial information, such as email, online shopping or banking profiles. 

New mobile payment technologies, such as Apple Pay, offer a more secure solution. Apple Pay uses EMV technology, which generates a unique combination of numbers for each purchase. “EMV is more secure than the magnetic stripes on credit cards because a new string of numbers is created for each purchase, making it difficult for hackers to use a stolen number for another purchase or to counterfeit credit cards,” according to The New York Times. Apple Pay adds another layer of security by requiring biometric authentication through Touch ID, or a passcode, to complete a purchase. 

Regardless of security protections, users must also take precautions. The world of wearable tech is new, and there aren’t many regulations protecting user data. Here are four tips users should take to their protect data on wearable devices:

•       Don’t use the same username and password for multiple accounts.
•       Check to see if apps have a privacy policy before downloading them. If the policy is unclear, or there isn’t a policy, be wary.
•       Turn Bluetooth off when it’s not in use.
•       When an app or operating system update is available, download the new version. 

Image via International Business Times