Too many tracking attempts from Optimizely on the ...

RodrigoMFitbit · ‎01-05-2022

I installed the new DuckduckGo app on android which allows you to monitor and block apps carrying out tracking attempts in the background. On the first day (less than 24 hours) I had 1446 tracking attempts block in the Fitbit app from Optimizely. So far in the second day (12 hours), I have had a further 183 tracking attempts from Optimizely within the Fitbit app. I have not even opened or used the app today.

Despite fitbits attempts to force me to grant permissions to access my phones MobileTrackstep collection, which I have blocked, the apps tracking attempts is ridiculous.

I currently have a Charge 3 (which I am happy enough with) and I have also noticed recently on my Instagram feed (I have personalised ads turned off) that I am getting adverts for a Charge 5 (I've since blocked them and reported as spam).

This excessive tracking is unacceptable not only for my privacy concerns but also the excessive drain on my phones battery from the constant communication attempts from Fitbit/Google/Optimizely.

Moderator edit: Subject for clarity.

Rich_Laue · ‎01-05-2022

What type of requests have been tracked by Duckduckgo @mcsparron

Can't comment on the.specific requests when they are unknown to us. However these are some that I can think off

The first thing to look at are the permissions that where agreed to.
Your phone at startup runs Fitbit Services. This can be checked in several ways.
Fitbit services needs run in the background.

Backgrond services are required for: the Fitbit notification services. For:

The app needs access to the Bluetooth services to communicate with the tracker.
Notifications to allow notification to be sent to tracker
GPS when the user wants to track a walk/run/etc.. Starting the walk tracker on your wrist may add an entry to DDG (DuckDuckGo)
Location Services during a sync - required now by both Android and ios for a Bluetooth low energy exploit fix
The fitbit app will try to sync the tracker a few times each hour. Even when the user interface was never opened
Every sync requires Internet access, data goes to the cloud service and not the phone.
Telephone calls to send notification of incoming calls
Contacts - to add a known contact name to a text or phone notification.
Time and date - Fitbit updates this on the watch with every sync
Location during sync- if your app is set to update location for the local timezone
A user may also have Mobile Track enabled in the fitbit app - this allows the phone to be used to count steps when not wearing their tracker and requires access to the phones built in hard ware based step counter - this hardware is your phones track step service that you mention

There may be more, this is what I easily can mention

So yes

Yes every incoming text or phone call DDG will add to their log.
The 3 sync attempts every hour may also add an entry
There probably are more - check the permissions.
Every sync attempt might add 3-5 entries with about 75 sync attempts in a 24 hour periods
A single text or phone notification could add 3 entries
Your Chargev3 doesn't have weather, this would require access to location and Internet.

As for the adverts for the Charge 5 these are put there by Google Ad services and based on your current browser history. Instagram for setting up Goole adds and Google for tracking your online presence are responsable - Not Fitbit.

mcsparron · ‎01-05-2022

All tracking attempts were made by Optimizely through the Fitbit app. Optimizely describes themselves as "Optimizely is an American company that provides digital experience platform software as a service. Optimizely provides A/B testing and multivariate testing tools, website personalization, and feature toggle capabilities, as well as web content management and digital commerce."

The only persmissions I have granted for the app are Location and since the Google acquisition I have been forced to allow Nearby devices also (I still don't understand why I must allow nearby devices, my device worked perfect for years before this has been forced on me).

The app does need access to bluetooth services and is allowed this, this has nothing to do with the app tracking by Optimizely.
Notifications can be sent to the tracker via bluetooth, has nothing to do with the app tracking by Optimizely.
The tracker is connected via bluetooth and provides connected GPS monitoring via this, has nothing to do with the app tracking by Optimizely.
Location Services dieting a sync, again syncing information via bluetooth, not background app tracking.
The fitbit app will try to sync the tracker a few times each hour. Via bluetooth (with the tracker), not background app tracking by Optimizely.
Telephone calls to send notification of incoming calls, this simply doesn't work (contacts permission denied).
Contacts - to add a know contact name to a text or phone notification. Contact permission are blocked on my app.
A user may also have Mobile Track enabled in the fitbit app - this allows the phone to be used to count steps when not wearing their tracker and requires access to the phones built in hard ware based step counter. - As I explained I have this blocked
My Charge 3 does have weather

I will say, I had 183 background tracking attempts today. Since I have blocked and reported as Spam, the Fitbit Charge 5 advert on my Instagram feed from my android device (Pixel 5) I have had no further background tracking attempts in the past 3 hours (down from over 100 per hour in the time before). The only conclusion I can draw from this is despite my choice to not have targeted advertising on Google/Instagram/Fitbit (or any other service I use). I have been targeted by Fitbit and attempted monitoring through Optimizely, but I am no expert, just looking at what I've noticed.

mcsparron · ‎01-05-2022

I can rule out the targeted advertising link. There was 1072 tracking attempts by Optimizely in the Fitbit app during the second 24 hour period.

Do you know why Fitbit uses Optimizely and what data they are tracking?

N8teGee · ‎01-05-2022

I think you may have answered it here "Optimizely provides A/B testing".

It seems (from my observation) that Fitbit tend to do a lot of A/B testing, with some users having different features within the app. I seem to remember some having a blood pressure and glucose tile within the app (which I've never seen myself). Also I've seen friends with slightly different elements in their apps. One had some sort of step streak record, which again is something I've never seen or had.

I might be wrong but it seems quite a coincidence that A/B testing is something provided by the company you mention.

Nathan | UK

Looking to get more sleep? Join the conversation on the Sleep better forum.

mcsparron · ‎01-06-2022

This is still for me, by far and away, the most tracking attempts of any app I have. Most others are on single or low double digits with attempts. So far today there has been a further 1536 by Fitbit.

Rich_Laue · ‎01-06-2022

If what has been started above is correct, these so called tracking is doctors way of tracking the apps performance

mcsparron · ‎01-06-2022

The tracking is on another level today but this is it side by side with the rest.

SunsetRunner · ‎01-06-2022

Hello @mcsparron and thanks for your excellent report.

I'm interested to try on my system as well, can you please share the Play Store link of the app you mention? Thanks

mcsparron · ‎01-07-2022

This link has a links to the playstore and apple store.

https://duckduckgo.com/app

This explains some information about the app tracking abilities of the app.

https://spreadprivacy.com/introducing-app-tracking-protection/

RodrigoMFitbit · ‎01-27-2022

@mcsparron @SunsetRunner @Rich_Laue @N8teGee Nice to see you all here again in the forums. Please apologize my delayed response.

@mcsparron Thanks for the detailed report and screenshots. I am honestly not familiar with these tracking attempts you mention. However, based on what I found on the internet, it is used to track performance. The goal is to analyze performance and popularity. Based on such data, the app can be optimized for different operating systems and devices in particular. However, in comparison with other apps, it does seem to be too many attempts. Note that every time the smartphone tries to sync with your Fitbit device (permission has been granted), it does connect with the server. Syncing in the background is vital for all features to work properly. Every time the device tries to sync, the app is connected to the server. That could be the reason it shows too many tracking attempts. Not sure honestly.

As listed above, there are many reasons the apps needs to run in the background. However, you explained that nothing in that list is related to these tracking attempts. As I as, I am no expert so I do not have a concrete explanation. Rest assured that your data is safe and is not being used other than to serve you better. Here you can find more about this: Fitbit: Privacy - click here.

Have a nice day!

RodrigoM | Community Moderator, Fitbit

mcsparron · ‎01-29-2022

I understand that the app needs to sync to my device to get the latest data off it and that this happens when I open the app. To my knowledge, it does not sync this information in the background when I am not using the app as I can see it pulling the data everytine I open the app. I also know that the app would need to sync with serves on Fitbit to update this information to the cloud. This is not what is being blocked by the app, this process still happens. What's being blocked, I don't know, they are attempts by Optimizely to communicate with my device for some reason. I'd like to know why? Days there are 60 and others there are 4500 I rarely use the app and all this tracking has been going on in the background of an unused app.

SunsetRunner · ‎02-04-2022

I've had over 7300 tracking attempts in the last 24 hours and this amount of tracking is just unacceptable for a service you pay for. I also saw a lot of ads for newer Fitbit devices until I enabled tracking protection.

BunnyWhisperer · ‎05-26-2022

Fitbit app on my phone is constantly sending requests out to logx.optimizely.com - thousands of them per day. Today alone I have logged more than 14,000 requests. If I block the connection, it resorts to using multiple IP addresses for logx.optimizely to get around it. I see other apps on my phone using Optimizely in the background, and none of them are out of control like this. This occurs even though I don't open the app. It happens all day. There's something awry in the programming. It has been happening since I downloaded an update yesterday This is not normal use of Optimizely, and it is a battery drain. Using app version 3.59.1. I may rollback to the previous version and see if that takes care of it.

Widdershins · ‎07-07-2022

Over 6,000 calls to logx.optimizely.com in the last 24hrs on my Android device. This is just silly. If I didn't turn off the phone overnight it would have been even more.

Widdershins · ‎07-07-2022

It appears, so far anyway, that the Android App release 3.63 (36337401) is not calling optimizely every second.

mcsparron · ‎07-09-2022

I had to change the battery usage to 'restricted'. It was the second highest app draining my battery and I've not even opened it in over a week.

Widdershins · ‎07-09-2022

Sadly I may have been too optimistic earlier. I guess 2,000 calls to optimizely is a reduction, but it's still too much.

I forced the app to close then left my phone unused for over an hour. When I looked again at the network logs it had reactivated while I was away.

I have changed all the settings that there are so the app should only run when I start it, but it seems that Fitbit want to carry on tracking anyway.

Combining the app behaviour, inaccuracies in the Charge 4 device and the gall to hide features behind a paywall (premium) I suspect that this is going to be my last Fitbit product.

morganrowse · ‎07-22-2022

Hi all,

I am running a Pihole to block tracking hostnames such as logx.optimizely.com and seeing an absurd amount of requests from my android device with the Fitbit application and a charge 4 permanently connected.

Having deleted the Fitbit application and seeing no further blocks to logx.optimizely.com, I can confirm that the traffic is definitively coming from the Fitbit app.

Can confirm that with AND without network blocking to logx.optimizely.com, that my steps and other metrics are synced to the Fitbit app correctly. Blocking this domain does not seem to impact the core features of the Fitbit app or that of the Charge 4.

Fine that you want to track your users/run AB testing, but please get your devs to fix the retry logic in the Fitbit app. When the API call fails, it will retry 10-20 times immediately after then back off for a few seconds to try again. Rather get this to be a bit more graceful to save battery.

Please @RodrigoMFitbit, move this up the chain, get it worked on and come back with some good news.

subashp · ‎11-23-2022

I am getting tired of Fitbit's shady business practices recently. Why does the app need GPS (when my watch has) as well has 10K+ tracking attempts in the background(using Optimizely)? My data is not for sale Fitbit. You will need my explicit permission to share anything(including experimental features, aka A/B testing as mentioned by someone over here) I am really getting tired of tech companies who are stealing customer information without their knowledge. For me, fitbit is biggest headache at the moment.

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Too many tracking attempts from Optimizely on the Fitbit app

mcsparron

Rich_Laue

mcsparron

mcsparron

N8teGee

mcsparron

Rich_Laue

mcsparron

SunsetRunner

mcsparron

RodrigoMFitbit

mcsparron

SunsetRunner

BunnyWhisperer

Widdershins

Widdershins

mcsparron

Widdershins

morganrowse

subashp