help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Another Fitbit privacy rant

ANSWERED
Replies are disabled for this topic. Start a new one or visit our Help Center.

‎03-26-2018 15:57

‎03-26-2018 15:57

Well I came here to complain about the new notification permissions, but thankfully you guys got that covered.   I literally only need it to remind me if battery is running low, and whatever if it wants to send me an update about my fitness related stuff for that day that's cool too.  It does not need to read my text messages to do that.  It's extremely shady and makes me question their integrity as a company. 

 

But the other thing I don't get is, why does the app require access to ALL my contacts if I just want to add one friend on it.  My Fitbit account isn't even associated with a phone number.  All it should need is my friend's e-mail to add them, or even the unique "user code" (at the end of your public URL).  

 

I'd really like to hear the justification to requiring access to hundreds of contacts, which aside from their phone numbers may contain sensitive information like their addresses and birthdays, just to add one person - especially since as I said the Fitbit account isn't even associated to a phone # (unlike messenger apps where it makes sense that they would need access to it). 

Best Answer
0 Votes
1 BEST ANSWER

Accepted Solutions

‎03-27-2018 10:22

In response to SunsetRunner

‎03-27-2018 10:22

@SunsetRunnerwrote:
@WavyDaveywrote:
@SunsetRunnerwrote:

 

I'd really like to hear the justification to requiring access to hundreds of contacts, which aside from their phone numbers may contain sensitive information like their addresses and birthdays, just to add one person - especially since as I said the Fitbit account isn't even associated to a phone # (unlike messenger apps where it makes sense that they would need access to it). 

I think the justification lies with the Android developers. There's not a way to grant access to an individual contact. If there were, you would have to make a separate permission for each person in your contact list, which sounds too inefficient to implement.

Take a look at Fitbit's privacy policy, which goes over what information is collected, why, and how it is used.

 

 

"To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information. For example, you may connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends."

 

https://www.fitbit.com/legal/privacy-policy

I'm not suggesting that I should be able to grant them with permission of only one contact, I'm saying accessing any contacts at all is completely unnecessary. My contacts list contains mainly phone numbers, which are irrelevant to Fitbit.  My user ID that ties my account to the app is my e-mail. So I'm not really following why they can't just ask me to enter my friend's e-mail instead of asking to be granted permissions to my whole contacts list.

 

The privacy policy sounds great but does not give me much comfort considering you hear how companies were accessing people's info well beyond the stated scope every other week. 

 

I think that your contacts only contain phone numbers is an unusual situation. More common is that emails are in there also. The idea is to allow people to find multiple friends at once, for convenience.I'd rather have it that way than having to guess which of my friends might be using Fitbits and manually add them.

Convenience and security are always at odds.


 

Work out...eat... sleep...repeat!
Dave | California

View best answer in original post

Best Answer
6 REPLIES 6

‎03-26-2018 16:42

‎03-26-2018 16:42

If you go to the app permissions on your phone for the Fitbit app, you can turn off the permissions for contacts.  If you want to add friends, give the app permissions to your contacts long enough to add them, then turn the permissions off.

Best Answer
0 Votes

‎03-26-2018 19:38 - edited ‎03-26-2018 19:38

‎03-26-2018 19:38 - edited ‎03-26-2018 19:38

@SunsetRunnerwrote:

 

I'd really like to hear the justification to requiring access to hundreds of contacts, which aside from their phone numbers may contain sensitive information like their addresses and birthdays, just to add one person - especially since as I said the Fitbit account isn't even associated to a phone # (unlike messenger apps where it makes sense that they would need access to it). 

I think the justification lies with the Android developers. There's not a way to grant access to an individual contact. If there were, you would have to make a separate permission for each person in your contact list, which sounds too inefficient to implement.

Take a look at Fitbit's privacy policy, which goes over what information is collected, why, and how it is used.

 

 

"To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information. For example, you may connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends."

 

https://www.fitbit.com/legal/privacy-policy

Work out...eat... sleep...repeat!
Dave | California

Best Answer
0 Votes

‎03-26-2018 23:30 - edited ‎03-26-2018 23:32

In response to SunsetRunner

‎03-26-2018 23:30 - edited ‎03-26-2018 23:32

@SunsetRunnerwrote:

If you go to the app permissions on your phone for the Fitbit app, you can turn off the permissions for contacts.  If you want to add friends, give the app permissions to your contacts long enough to add them, then turn the permissions off.

I can't say this with 100% certainty as I don't develop for Android but I would think giving them access to contacts temporarily would allow them to scrape the whole contact list (along with all the info) if they wanted to.  If so then disabling it afterwards wouldn't do much.

 

I'm not sure how the adding of contacts even works (and don't really to care to test it out) but if I want to add my friend "Dave" for whom I just have a phone # saved, how does the app even know who Dave is if phone numbers aren't associated with Fitbit? If it sends him some kind text where he has to approve my request, that exact process could be made much simpler by just asking me for the e-mail of my friend (which Fitbit accounts are actually associated with), which he can accept or reject..

Best Answer
0 Votes

‎03-26-2018 23:42

In response to WavyDavey

‎03-26-2018 23:42

@WavyDaveywrote:
@SunsetRunnerwrote:

 

I'd really like to hear the justification to requiring access to hundreds of contacts, which aside from their phone numbers may contain sensitive information like their addresses and birthdays, just to add one person - especially since as I said the Fitbit account isn't even associated to a phone # (unlike messenger apps where it makes sense that they would need access to it). 

I think the justification lies with the Android developers. There's not a way to grant access to an individual contact. If there were, you would have to make a separate permission for each person in your contact list, which sounds too inefficient to implement.

Take a look at Fitbit's privacy policy, which goes over what information is collected, why, and how it is used.

 

 

"To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information. For example, you may connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends."

 

https://www.fitbit.com/legal/privacy-policy

I'm not suggesting that I should be able to grant them with permission of only one contact, I'm saying accessing any contacts at all is completely unnecessary. My contacts list contains mainly phone numbers, which are irrelevant to Fitbit.  My user ID that ties my account to the app is my e-mail. So I'm not really following why they can't just ask me to enter my friend's e-mail instead of asking to be granted permissions to my whole contacts list.

 

The privacy policy sounds great but does not give me much comfort considering you hear how companies were accessing people's info well beyond the stated scope every other week. 

 

Best Answer
0 Votes

‎03-27-2018 10:22

In response to SunsetRunner

‎03-27-2018 10:22

@SunsetRunnerwrote:
@WavyDaveywrote:
@SunsetRunnerwrote:

 

I'd really like to hear the justification to requiring access to hundreds of contacts, which aside from their phone numbers may contain sensitive information like their addresses and birthdays, just to add one person - especially since as I said the Fitbit account isn't even associated to a phone # (unlike messenger apps where it makes sense that they would need access to it). 

I think the justification lies with the Android developers. There's not a way to grant access to an individual contact. If there were, you would have to make a separate permission for each person in your contact list, which sounds too inefficient to implement.

Take a look at Fitbit's privacy policy, which goes over what information is collected, why, and how it is used.

 

 

"To help improve your experience or enable certain features of the Services, you may choose to provide us with additional information. For example, you may connect with friends on the Services or invite friends who have not yet joined by providing their email addresses, accessing social networking accounts, or using the contact list on your mobile device. We do not store your contact list and delete it after it is used for adding contacts as friends."

 

https://www.fitbit.com/legal/privacy-policy

I'm not suggesting that I should be able to grant them with permission of only one contact, I'm saying accessing any contacts at all is completely unnecessary. My contacts list contains mainly phone numbers, which are irrelevant to Fitbit.  My user ID that ties my account to the app is my e-mail. So I'm not really following why they can't just ask me to enter my friend's e-mail instead of asking to be granted permissions to my whole contacts list.

 

The privacy policy sounds great but does not give me much comfort considering you hear how companies were accessing people's info well beyond the stated scope every other week. 

 

I think that your contacts only contain phone numbers is an unusual situation. More common is that emails are in there also. The idea is to allow people to find multiple friends at once, for convenience.I'd rather have it that way than having to guess which of my friends might be using Fitbits and manually add them.

Convenience and security are always at odds.


 

Work out...eat... sleep...repeat!
Dave | California

Best Answer

‎02-28-2023 12:14

‎02-28-2023 12:14

I have business associates in my contact list and am not interested in sharing them with anyone.

Jack K
Best Answer
0 Votes