Security Android Privacy

Fitness App Runkeeper Secretly Tracks Users At All Times, Sends Data to Advertisers (androidauthority.com) 93

An anonymous reader writes: FitnessKeeper, the company behind running app Runkeeper, is in hot water in Europe. The company has received a formal complaint from the Norwegian Consumer Council for breaching European data protection laws. But why? Runkeeper tracks its users' location at all times -- not just when the app is active -- and sends that data to advertisers. The NCC, a consumer rights watchdog, is conducting an investigation into 20 apps' terms and conditions to see if the apps do what their permissions say they do and to monitor data flows. Tinder has already been reported to the Norwegian data protection authority for similar breaches of privacy laws. The NCC's investigation into Runkeeper discovered that user location data is tracked around the clock and gets transmitted to a third party advertiser in the U.S. called Kiip.me. Finn Myrstad, the council's digital policy director, said: We checked the apps technically, to see the data flows and to see if the apps actually do what they say they do. Everyone understands that Runkeeper tracks users while they exercise, but to continue after the training has ended is not okay. Not only is it a breach of privacy laws, we are also convinced that users do not want to be tracked in this way, or for information to be shared with third party advertisers.
This discussion has been archived. No new comments can be posted.

  • Price? (Score:4, Informative)

    by Nidi62 ( 1525137 ) on Friday May 13, 2016 @01:45PM (#52106915)
    Not surprisingly, it is a free app (with in app purchases - not sure how that works with a running app, but whatever). They had to be getting their money from somewhere....
    • by SumDog ( 466607 )

      With Map My Ride, the in app purchases are to unlock "MVP mode" which allows you to get more workout analytics (break down your split times) or live tracking (let your friends track your ride)

      • Runkeeper also keeps trying to sell you a premium service, which has more analytics. There is also the "reward" after you complete some accomplishment, which seems to be some product discount, and they probably could make money from advertising there.

        Last year I wondered if it was a Runkeeper developer asking what to do when dividing by zero [slashdot.org]. If you stay completely still for an entire workout, it decides that you are running at "zero minutes per kilometer" and even congratulates you on setting a new record.

    • Simple solution: Offer up an IAP to stop unwanted tracking and selling of data!
    • By killing my data plan? I would say that is close to fraud!

    • I paid for the app long before they went with the freemium model
  • ... for running [cdn.meme.am](NSFW)

  • by Locke2005 ( 849178 ) on Friday May 13, 2016 @01:48PM (#52106953)
    If I'm going over my monthly data cap because an app is using up my bandwidth, can I ask them to reimburse me for added data costs? Seems fair to me...
    • You can sue for anything. I can sue you for daring to use the username Locke2005, when I am clearly the one and only Locke2005.

      This is the kind of thing that you need a class action lawsuit, because the money is so small that it can't be worth it.

      If this were the US, a class action lawsuit of this type would most likely settle with the company paying legal fees, agreeing to stop doing it, and maybe give their customers a coupon of some kind for pennies off future services. Not worth it for the customers,

    • by vux984 ( 928602 ) on Friday May 13, 2016 @02:13PM (#52107151)

      You sure can.

      First, you must calculate how much bandwidth they used at times that you weren't expecting it to be using bandwidth. Be precise. It's likely in the low MB.

      Next, look at your recent phone bills, and document your actual overages. (If you weren't actually over, what are you suing for?)

      And calculate (show your work) what portion of that overage is attributable to the app running when it wasn't supposed to be. Hope you didn't have a 2GB overage streaming movies because the 2MB contribution of the app to your overage is then only about 1% the 20$ you spent on overages. (or 20 cents)

      Next, document what steps you took to minimize the harm. (If you've had data cap overages for the last 3 years and you are only doing something about it now, the judge will disallow most of your claim as you have an obligation to minimize harm. So you'll need to show that you took reasonable steps to monitor and control your data use and manage overages.)

      Finally, file your lawsuit; attend the hearing; and then wait for your check for $2.27 in data overages that the court is likely to allow as directly attributable harm from the app for data use.

      Assuming it allows anything at all.

      • by NotAPK ( 4529127 )

        Your logic is perfect.

        Yet "we" still get hurt.

        So how is this system supposed to protect us?

  • I'm not surprised at all, I would like someone to do this analysis with the Garmin Connect app. A while ago it was updated so that you couldn't connect the vivosmart directly to your phone without doing it through the app. Then, another update the app isn't even usable unless you turn on location services. So for someone like me whose use case is mostly so I don't have to pull my phone out of my pocket to check/ack a page and occasionally for exercise. It became a piece of junk that sits in a drawe

    • by Piata ( 927858 )
      I'm curious about this as well. Garmin's primary business is selling reliable hardware with a long term ecosystem so you would hope that selling user information to marketers isn't worth the effort.
  • I think they all do (Score:3, Informative)

    by Anonymous Coward on Friday May 13, 2016 @01:51PM (#52106979)

    Sister got Dad a fitbit as a gift. It wants so many permissions in Android that the family decided not to install, activate, or use it. Seems corporations view people as marks to be fleeced instead of valued customers.

    • Another one to echo your sentiment here. There are no tasks that the Fitbit account does that couldn't be handled within the app with the data kept locally. The fact that this isn't an option - not just on a fitbit but with any of the other fitness trackers I've looked at - gives me grave discomfort. It'd be a trivial selling point for anyone to do, but the fact that no one is doing it means that someone, somewhere, is paying handsomely for that data.

  • That's an immediate uninstall then. I'm personally not that fussed about being tracked, it's more a concern on battery drain from an app that shouldn't be doing it!
  • I agree it's a violation of user privacy but still I'm curious about what the tracking data shows. For example I wonder what percentage of those exercising hit up a donut shop after they're done.
  • "Another branch of the European government was furious they had not thought of this first because les terroristes "

  • My iPhone says that the app wants access to GPS even when I am not using it or have opened it. So these get uninstalled again. I believe the last one I tried was Waze.

    • by orev ( 71566 )
      You can easily go into the Location Services and change it to "While Using", and actually in the most recent version at least, there isn't an option for "Always", so this must only be an Android thing.
  • The first link goes to a website named "Android Authority"; the article in the second link includes the phrase "...the Android version of the app...". Anyone know if the iOS version is doing this also?

    • by orev ( 71566 )
      You can check by going into Location services and seeing what it's set to. Only options I see are "Never" and "While using", so it can't be tracking you all the time.
    • No, it cannot do this. You can't even give it permission to track you all the time.
      • by jIyajbe ( 662197 )

        Thanks, both you and orev.

        I expect that, in the (vast?) majority of cases, RunKeeper is doing this without the user's knowledge or permission; I inferred from the articles that it may be doing that by somehow overriding the user's tracking settings in Android. (But, that was an inference only.) I didn't think there was a way to do that in iOS, so glad to have my understanding affirmed.

        • It could do the same if it had the Location permission "always" (and the user allowed it), but like they said it only offers "Never" and "While Using" - Apple added the "while using" item back with iOS8 I think. After they added that I always shut down location permissions for any app that does not offer the "While Using" option.

  • There are only two location sharing options, Never and while the app is active. If they're bypassing this on iOS 9, Apple has got some problems.
    • Article mentions that this issue is specifically for the Android version of the app. You are correct that this is impossible on iOS. Doubly so if you actually completely close the app (swipe it away).

  • All those people who did not root their phones, used official market place or the official app store all should be safe, right?

    The App is snooping, it has been outed, it is simply a matter of time, next security update will blacklist the app, revoke all its privileges and all is well in the world, right?

    In reality, people who rooted their phone, run a security manager that sandboxes all apps and prompts for every network access, will be safe. People who trusted Apples and Googles to keep them safe would

  • Some apps that you really want demand all sorts of capabilities that you do not want to give to them. Some will not install or behave badly if you do not grant what they want. What is needed is a 3 way grant of permissions: yes (allow), no (do not allow), lie (use a contact list of: mickey mouse, the queen, pres obama, ...; location: North Pole; ....) like that they are happy and just report to their masters junk information.

  • Anyone who has gotten burned by this kind of crap and is surprised, hurt, or indignant, please repeat after me: "If I'm not paying for the product, I AM the product". Now, continue to repeat it, out loud if necessary, until it sticks. Make it a daily mantra. When you see a 'free' service you're interested in, if your immediate thought is "how will I and / or my data be taken advantage of if I sign up for this?", then you've successfully activated your best protection against being an unwitting victim of 'fr

    • by epine ( 68316 )

      "If I'm not paying for the product, I AM the product". Now, continue to repeat it, out loud if necessary, until it sticks.

      Sure. But here's a question. What does Caveat Emptor 101 for Slow Learners actually buy you at the end of the day?

      What it bought me is an Android cell phone with such a pathetically small number of data-enabled applications installed on it that I turned off my data modem six months ago and have yet to miss it.

      Furthermore, actually paying for an application is no guarantee it doesn't pa

  • There's a very useful service https://tapiriik.com/ [tapiriik.com] (free and open source https://github.com/cpfair/tapi... [github.com] ) that lets you migrate workouts between different fitness apps. It supports runkeeper, strava (my favourite), endomondo, garmin and even dropbox.
  • If you're transmitting data to a service provider, that data will be sold.

  • So that explains why my battery life has tanked since I installed Runkeeper...
    F' them.
