Browse all articles

Privacy and Security Evaluation of the Apple Watch

Learn about the Apple Watch privacy and security features

Girard Kelly | April 24, 2020

The Common Sense Privacy Program evaluates the privacy policies of popular consumer and education technology applications and services that are currently used by millions of children at home and in the classroom.

We evaluated the privacy practices and performed a hands-on basic security test of five popular smartwatches used by kids and teens for parents and teachers to learn more about their security practices and how they compare to other popular smartwatches. We completed evaluations of the Apple Watch, Samsung Galaxy Watch Active, Verizon GizmoWatch, Fitbit Ace 2, and Garmin Vivofit Jr. 2, identifying the potential privacy risks and harms that may affect children, students, and families who use these devices.

When evaluating whether to use smart tech paired with a mobile app at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy and security practices of a smart device. Our approach lets us compare what the smart tech company says they do with data with what our limited testing can observe about what they actually do with data. We can sometimes observe what data goes to and from the device, but we can't necessarily see what happens with the data when it reaches the external destination. In addition, for our testing purposes we also did not attempt to intercept or observe any cellular or Bluetooth wireless traffic. Our findings are intended to help parents and teachers make better informed decisions about whether to buy this device or a similar smartwatch for use with their children at home or with students at school.

What is smart tech?

The category of smart devices, or the Internet of Things (IoT), covers all the objects or devices used in your home, office, or school that are connected to the internet. More and more of these smart devices are being used by children as toys at home and with students as learning tools in the classroom every day. Smart tech companies claim their devices provide greater convenience and new learning opportunities for children and students, but they also collect and share more information than ever. Connected devices and household gadgets can collect all kinds of sensitive information -- anything from audio and visual recordings of your home to the names of shows you watch, the number of steps you've taken, your child's precise location, how and when you sleep, and even the foods you eat.

What are smartwatches?

A smartwatch is a smart tech device that uses software with a digital touchscreen to display dynamic content on the watch face. However, not all smartwatches are the same. While smartwatches were originally seen as a luxury purchase or status symbol, their prices have fallen rapidly in the past few years. They have become more affordable and are used by more and more kids and teens every day. But there are still inexpensive watches and expensive watches -- watches with only one basic feature and watches with dozens of advanced features, and even watches designed for specific purposes or for specific segments of the population, like kids or athletes. Some smartwatches collect very little sensitive data, but others are designed to collect as much sensitive data as possible, with thousands of data points used to create a profile of the wearer. All smartwatches tell time, and most have fitness features such as a pedometer that measures your steps throughout the day. However, more expensive smartwatches also include advanced fitness-tracking features on the watch and in the companion mobile application. Other advanced features include the ability to send and receive phone calls and messages on the device, and to install third-party apps on the device and mobile application.

What we tested

For this article, we evaluated a popular smartwatch used by kids and teens: the Apple Watch Series 5.

Product Details

Company

Apple

Name

Apple Watch Series 5

Link

Website

Price

$399

Category

Smartwatches for Kids & Teens

Software

Apple Watch (iOS)

Privacy Rating

79% Pass

Bottom line

Best watch for privacy: The Apple Watch offers easy integration with Apple mobile devices and has the most privacy-protecting practices of the smartwatches we tested.

 

Pros

Cons

1.

Best Apps: The App Store has the best selection of watch apps available for kids and teens to get the most out of their smartwatch.

Apple Only: The Apple Watch is only compatible with newer Apple iOS devices and not compatible with other mobile devices that run the Android operating system.

2.

No Apple Ads or Tracking: Policy states that Apple will not use information about a child's activities for advertising or tracking purposes. However, third-party apps could still use personal data for ads or tracking.

Third-party Apps: Apple allows the use of third-party watch apps through the App Store. These could put a child or student's personal information at risk.

3.

Parental Consent: Policy states that parental consent is required to collect or share children's personal data.

Most Expensive: The Apple Watch is the most expensive watch we tested and also requires purchase of an Apple iOS–supported mobile device.

Intended Audience
 

Home

School

Kids (under 13)

Kids could use the Apple Watch at home to tell time, track their exercise and sleep, play games, read messages, see notifications, and make phone calls to family and friends.

Kids could use the Apple Watch in the classroom to tell time, track their steps, receive notifications, messages, and play watch app games.

Students (K-12)

Students could use the Apple Watch at home to track their steps or heart rate as part of a classroom challenge, learn with education-related watch apps, or receive calendar or homework notifications.

Students could use the Apple Watch in the classroom as part of a fitness activity and participate with other students in app competitions, or learn how to code Watch apps with the watchOS Kit.

What we found

Our hands-on security testing of smartwatches focuses on both the hardware of the smartwatch device itself and on the privacy of the companion mobile application that is used to set up the device, extended its functionality, and transfer data between the smartwatch, the mobile device, and the internet.

Software

The Apple Watch is paired with the following iOS mobile apps:

 Watch

 Siri

 Apple Home

 Apple Music

Device setup

The Apple Watch mobile application launches with a welcome screen prompting the user to use their iPhone to set up the watch. The app asks the user to pair their new smartwatch and uses Bluetooth to pair the Apple Watch to the user's iPhone and mobile app. Once connected, the watch app allows the user to customize their Apple Watch experience by selecting their wrist preference and displays Apple's privacy policy and terms of use for review. Don't worry, we already read the privacy notice and terms and conditions for you and summarize our findings in our privacy evaluation.

         

Parental controls

A user is automatically logged into their existing Apple ID username and password on the mobile device to personalize their Apple Watch. If a user does not have an Apple ID, they can create a new Apple ID account and are asked to enter their birth date to confirm their age. If a user provides a birth date that indicates they are under the age of 13, the mobile app requests that a parent or guardian provide consent for the child or student. A parent must provide consent through the Family Sharing setting of their Apple ID account, where they can create an Apple ID for their child. A parent must first review Apple's parent privacy disclosure, then enter their child's personal information, including an iCloud.com email address and a password that meets strong and complex password requirements. 

         

Watch app settings

The mobile app requests to always collect route location tracking information to provide more relevant weather and route-related information to users on the watch. In addition, the mobile app provides notice that it will always share the iPhone Apple ID account holder's settings and information to personalize the watch and mobile app. The user is also asked to provide personal information for fitness tracking and activity app purposes, including their age, sex, height, weight and disability status. Lastly, the mobile app asks the user about their level of physical activity (Daily Move Goal) to start using the Apple Watch for fitness training and to receive daily goal-related notifications.

           

Personalizing Apple Watch

The mobile app also provides a tour of the different ways to personalize the smartwatch, including keeping the watch up to date with automatic software updates, creating emergency contacts, and notice of SOS fall detection. The mobile app also lets users customize their watch face and syncs all the user's settings to their watch.

       

Getting started

After the Apple Watch is synced with the mobile app on the iPhone, the mobile app allows the user to change any of the settings of the watch or activity app, personalize the clock face with Face Gallery, and load additional Apple Watch apps from their iPhone at any time. 

        

Hardware

The Apple Watch hardware is packed with new technologies, which also means that the device has data-collection capabilities that raise privacy and security concerns. The chart below shows what we found in both the hardware of the smartwatch itself (in the row labeled "Device"), and the companion mobile application installed on a mobile device (in the row labeled "App"). Learn more about what's inside the Apple Watch and read our tips on privacy and security below.

Device Collection Details

 

Step tracking

Heart rate tracking

Sleep tracking

Cellular connectivity

Microphone access

GPS location access

App

Yes

Yes

Yes

No

No

No

Device

Yes

Yes

No

Yes

Yes

Yes

What can all that hardware do?

Apple Watch has a "brain" with a S5 64-bit dual-core processor chip. That means Apple Watch can quickly collect and process information within the device itself.

Tip: The more information collected and processed, the more privacy and security risk there is for that information.

Apple Watch can "feel" with an accelerometer, gyroscope, pedometer, optical heart rate sensor, and force-touch haptic feedback in the device. That means Apple Watch can collect information about when and how an individual touches the watch display and can detect their steps when walking or running. The watch can also detect a user's heart rate and amount of sleep they achieved the night before, and can display all that health-related information on the smartwatch or mobile app.

Tip: Information collected about a child's or student's bodily health or use of a product's tracking features over time is typically called usage, biometric, or behavioral information.

Apple Watch has "ears" with a multidirectional microphone that listens for Siri voice commands and phone calls. That means the Apple Watch can listen to and process multiple conversations at the same time and focus on the direction that voices and sounds are coming from.

Tip: Audio information about the duration, tone, pitch, and content of voice communications, as well as when and where those communications happened, may contain personal or sensitive information. This is a risk to a greater number of people's privacy when the Apple Watch is used in a public place, office space, or classroom than when it's used in a private home on speaker phone.

Apple Watch has a voice that is spoken through its watch speakers that make synthesized sounds and respond to commands with Siri. That means the Apple Watch knows which sounds it makes and the content of the synthesized conversations it has with users.

Tip: Information about the duration and content of spoken responses the Apple Watch gives to users, and when and where the Apple Watch gives those responses, may contain personal or sensitive information and may be audible to others. This is a risk to a greater number of people's privacy when the Apple Watch is used in a public place, office space, or classroom than when it's used in a private home on speaker phone.

Apple Watch has a "face" with its retina display watch face and its companion iOS Watch mobile app. That means the Apple Watch can display images to children and students on their watch face or on a mobile device through the digital screen.

Tip: Fitness- or health-related information visually displayed to users may contain personal or sensitive information and be visible to others. This is a bigger privacy risk when the Apple Watch is used in a public place, office space, or classroom than when it's used in a doctor's office or private home.

Apple Watch has connectivity with 802.11n Wi-Fi, Bluetooth, GPS, and cellular connectivity for sending and receiving data. That means the Apple Watch can send and receive information it has collected or processed.

Tip: Wi-Fi and cellular LTE connections on a smartwatch device or mobile device can send collected information to the cloud for processing and must be encrypted while in transit and while stored in the cloud to remain secure.

Apple Watch has energy with a built-in rechargeable lithium-ion battery for up to 18 hours of use. That means the Apple Watch is able to collect and process sensitive health-related information continuously while it is powered on and being worn on the individual's wrist.

Tip: The longer a device is operational, the more sensitive information it can collect and process.

Apple Watch connects with other watch apps and smart home products through the App Store and Apple HomeKit. That means other third-party watch apps and compatible smart home products can connect to the Apple Watch through the smartwatch device or mobile app and could collect and use personal information from the Apple Watch and mobile app for a different purpose.

Tip: Devices that allow installing third-party apps can increase the risk that malicious apps may be installed that can steal sensitive personal information. Other apps may not have the same privacy and security protections as Apple and may be able to collect personal data for other unintended purposes.

Privacy rating

privacy rating and score (How we rate)


DATA SAFETY DATA RIGHTS ADS & TRACKING
How safe is this product? What rights do I have to the data? Are there advertisements or tracking?
Better Users cannot interact with trusted users and/or students. Better Opt-in consent is requested from users at the time personal information is collected. Better Data is not shared for third-party advertising and/or marketing.
Unclear Users can interact with untrusted users, including strangers and/or adults. Better Users can control their information through privacy settings. Worse Traditional or contextual advertisements are displayed.
Unclear Profile information is shared for social interactions. Worse Users can create or upload content. Better Behavioral or targeted advertising is not displayed.

Continue reading about this tool's privacy practices, including data collection, sharing, and security.

If you would like to see how the Apple Watch compares to other popular smartwatches for kids, read our article comparing Smartwatch Privacy for Kids During the Coronavirus Pandemic.