# “Revoked just now!” Users’ Behaviors Toward Fitness-Data Sharing with Third-Party Applications

**Source**: https://iris.unil.ch/entities/publication/e7572848-7063-48b9-a213-4ee059896d75
**Parent**: https://wp.unil.ch/hecoutreach/connected-watches-and-privacy-risks-dangers-and-data-protection/

Title

# “Revoked just now!” Users’ Behaviors Toward Fitness-Data Sharing with Third-Party Applications

Type

journal article

Institution

UNIL/CHUV/Unisanté + partner institutions

Journal

Proceedings on Privacy Enhancing Technologies

Author(s)

Zufferey, Noé

Author

Salehzadeh Niksirat, Kavous

Author

Humbert, Mathias

Author

Huguenin, Kévin

Author

Links to people

[Huguenin, Kévin](https://iris.unil.ch/entities/person/2944935d-0b87-49be-9948-63cc91c050ff)

[Zufferey, Noé](https://iris.unil.ch/entities/person/00ac6ba8-e370-4508-ba04-e3b846b40c81)

[Salehzadeh Niksirat, Kavous](https://iris.unil.ch/entities/person/e5c03883-048c-40d8-bf09-2aea1fa425a0)

[Humbert, Mathias](https://iris.unil.ch/entities/person/b2c29137-b436-4bb5-ac26-179cfdf81053)

Links to units

[Département des systèmes d'information](https://iris.unil.ch/entities/orgunit/ea5cb1db-0d46-435a-9f5e-e334d1b6ec0e)

ISSN

2299-0984

Editorial status

Published

Date Issued

2023-01

Volume

2023

Issue

1

First page

47

Last page/article number

67

Peer-reviewed

True

Language

english

Abstract

The number of users of wearable activity trackers (WATs) has rapidly increased over the last decade. While these devices enable their users to monitor their activities and health, they also raise new security and privacy concerns given the sensitive data (e.g., steps, heart rate) they collect and the information that can be inferred from this data (e.g., diseases). Besides the service providers (e.g., Fitbit), WAT users can share their fitness data with third-party applications (TPAs) and individuals. Understanding how and with whom users share their fitness data and what kind of approaches they take to preserve their privacy is key to assess the underlying privacy risks and to further design appropriate privacy-enhancing techniques. In this work, we perform, through a large-scale survey of 𝑁 = 628 WAT users, the first quantitative and qualitative analysis of users’ awareness, understanding, attitudes, and behaviors toward fitness-data sharing with TPAs and individuals. In particular, we explore users’ practices and actual behaviors toward fitness-data sharing, as well as their mental models by asking them to draw their thoughts. Our empirical results show that about half of WAT users underestimate the number of TPAs to which they have granted access to their data, while 63% share data with at least one TPA that they do not actively use (anymore). Moreover, 29% of the users did not revoke TPA access to their data because they forgot they had given access to it in the first place, and 8% were not even aware they could revoke access to their data. Finally, their mental models as well as some of their answers demonstrate substantial gaps in their understanding of the data-sharing process. In particular, 67% of the respondents think that TPAs cannot access the fitness data that was collected before they granted access to it, while TPAs actually can.

Serval PID

serval:BIB\_1C9A39968549

DOI

[10.56553/popets-2023-0004](https://doi.org/10.56553/popets-2023-0004)

Permalink

<https://iris.unil.ch/handle/iris/126415>

Research dataset DOI

10.17605/OSF.IO/Z6FW9

Open Access

True

Creation date

2022-09-06T18:50:11.294Z

Creation date in IRIS

2025-05-20T20:33:42Z

File(s)

Loading...

Download

**Name**

Zufferey2023PoPETS.pdf

**Manuscript version**

published

**License**

[CC BY 4.0](https://creativecommons.org/licenses/by/4.0)

**Visibility**

Open Access

**Size**

4.25 MB

**Format**

Adobe PDF

**Serval PID**

serval:BIB\_1C9A39968549.P001

**URN**

[urn:nbn:ch:serval-BIB\_1C9A399685495](https://nbn-resolving.org/urn:nbn:ch:serval-BIB_1C9A399685495)

**Checksum**

(MD5):f6300c3bba63aa879d891c2e20264ff4