| Popis: |
The recent advent of wearable fitness trackers has fueled concerns in regards to the privacy they provide. In particular, previous works have indicated that the associated fitness apps may contact unexpected Internet destinations. In this work we identify the third-party connections of the official mobile Fitbit application and its partners, and study whether they can be blocked without hindering the essential functionality of the devices. We show that disabling traffic to the domains contained in well-maintained blocklists does not prevent Fitbit trackers from correctly reporting activity data, including steps, workouts, duration and quality of sleep, etc. Moreover, we demonstrate that Fitbit activity data are correctly synchronized for 6 partner apps of Fitbit when utilizing the above blocking rules. Our results suggest that more than of the third parties for the Fitbit-associated apps are contained in credible domain-based blocklists. Furthermore, we find all studied app to contact between 1 and 20 non-required third parties. Finally, over of the blocked destinations are identified by the default installation of uBlock Origin – universally used content filter (adblocker). Unlike previous works on blocking unnecessary IoT communications, our methodology can be easily utilized by end-users. |
