Nowadays, the wearables marketed by different brands, practically all of them have incorporated "fitness tracker" functions, that is, they collect personal information about our physical activities, however only one of them is capable of keeping the data safe from any person who wants to intercept them, you are right, it is the Apple Watch. At least he says so a study conducted by the Citizen Lab from the University of Toronto thanks to the Munk School of Global Affairs.
Said study entitled "A wrong step: Comparative analysis of fitness tracker in matters of Privacy and Security," has been carried out to analyze the data transmitted through Bluetooth connections and safety factors that have been implemented to encrypt the information. The wearables that came together in this study were in addition to the Apple Watch, others such as Fitbit, Garmin, Jawbone, Basis, Mio, Withings, and Xiaomi.
What they found was that all the devices tested except the Apple Watch they broadcast a MAC address By way of identification, this means that any person with sufficient knowledge of technology could download through a sniffer via the Bluetooth connection, the personal data of the subject in question. With that information in hand, you could potentially compromise the security of data that is synced to your smartphone.
Most of the tested devices transmit data in a way that could be easily intercepted and in some cases it would even be possible to falsify the data sent to the smartphone application. The study also showed that data sent from the smartphone itself to different online services could be intercepted on all devices, except Apple Watch and Basis Peak. On all devices other than the apple watch It was found that they were not using existing Bluetooth protocols designed to prevent someone from intercepting wireless transmissions.
It sounds disturbing and to a certain extent it is. To put a hypothetical case, a stalker, for example, could wait in a certain location every day to repeatedly capture fitness tracker data of someone, where if location information is included, they could have access to their workplaces or their case. It is something difficult but not impossible for that and rarer things have been seen.
The solution for those responsible for the study would be to incorporate Bluetooth privacy policy and encrypt the data sent between the devices, as well as the data that would be uploaded to the online servers. This does not mean that now there will be massive attacks to capture the information of our activity, but this does not mean that manufacturers should neglect this aspect since, although not too important, it is still personal information.