U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Investigating Wearable Fitness Applications: Data Privacy and Digital Forensics Analysis on Android

NCJ Number
307229
Journal
Journal of Applied Sciences Volume: 12 Issue: 19 Dated: 2022
Author(s)
Shinelle Hutchinson; Mohammad Meraj Mirza; Nicholas West; Umit Karabiyik; Marcus K. Rogers; Tathagata Mukherjee; Sudhir Aggarwal; Haeyong Chung; Carrie Pettus-Davis
Date Published
2022
Annotation

This article examines the use of wearable fitness applications and their potential use in forensic investigations.

Abstract

Wearable devices are becoming more and more prevalent in our daily lives as people become more curious about how well they are doing in monitoring, improving, or maintaining their health and fitness. Fitness trackers and smartwatches have become almost ubiquitous, so these devices have begun to play a critical role in forensic investigations. In this paper, the authors conducted a forensic analysis of the controlling applications for three popular fitness bands and smartwatches (i.e., Amazon Halo, Garmin Connect, and Mobvoi) on an Android smartphone device to (1) provide forensic investigators with a road-map of forensically relevant data that are stored within these applications and (2) highlight any privacy concerns that the stored data within these applications may present to the applications’ users. Findings indicate that the three fitness applications store a wealth of user data. In particular, the Amazon Halo app stores daily, weekly, and monthly activity-related data for at least the last 13 days. The user’s Tone Analysis results were also recovered. The Garmin Connect application also records detailed user activity information, as it was possible to recover the last 15 days worth of user activity data. The Garmin Connect user’s general location was also determined via the application’s weather notification feature. Lastly, the Mobvoi application records all data points from the time the device is first used until the last time the device is used. These data points may include heart rates taken every 5 min and step counts. Findings highlight the possibility of collecting personally identifiable information about users of these devices and apps, including their profile information, habits, location, and state of mind. These findings would be pertinent to forensic investigators in the event that these or similar applications are part of an investigation. (Published Abstract Provided)