Privacy and Security Evaluation of the Fitbit Ace 2

Learn about the Fitbit Ace 2 privacy and security features

Girard Kelly | April 24, 2020

The Common Sense Privacy Program evaluates the privacy policies of popular consumer and education technology applications and services that are currently used by millions of children at home and in the classroom.

We evaluated the privacy practices and performed a hands-on basic security test of five popular smartwatches used by kids and teens for parents and teachers to learn more about their security practices and how they compare to other popular smartwatches. We completed evaluations of the Apple Watch, Samsung Galaxy Watch Active, Verizon Gizmo Watch, Fitbit Ace 2, and Garmin Vivofit Jr. 2, identifying the potential privacy risks and harms that may affect children, students, and families who use these devices.

When evaluating whether to use smart tech paired with a mobile app at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy and security practices of a smart device. Our approach lets us compare what the smart tech company says they do with data with what our limited testing can observe about what they actually do with data. We can sometimes observe what data goes to and from the device, but we can't necessarily see what happens with the data when it reaches the external destination. In addition, for our testing purposes we also did not attempt to intercept or observe any cellular or Bluetooth wireless traffic. Our findings are intended to help parents and teachers make better informed decisions about whether to buy this device or a similar smartwatch for use with their children at home or with students at school.

What is smart tech?

The category of smart devices, or the Internet of Things (IoT), covers all the objects or devices used in your home, office, or school that are connected to the internet. More and more of these smart devices are being used by children as toys at home and with students as learning tools in the classroom every day. Smart tech companies claim their devices provide greater convenience and new learning opportunities for children and students, but they also collect and share more information than ever. Connected devices and household gadgets can collect all kinds of sensitive information -- anything from audio and visual recordings of your home to the names of shows you watch, the number of steps you've taken, your child's precise location, how and when you sleep, and even the foods you eat.

What are smartwatches?

A smartwatch is a smart tech device that uses software with a digital touchscreen to display dynamic content on the watch face. However, not all smartwatches are the same. While smartwatches were originally seen as a luxury purchase or status symbol, their prices have fallen rapidly in the past few years. They have become more affordable and are used by more and more kids and teens every day. But there are still inexpensive watches and expensive watches -- watches with only one basic feature and watches with dozens of advanced features, and even watches designed for specific purposes or for specific segments of the population, like kids or athletes. Some smartwatches collect very little sensitive data, but others are designed to collect as much sensitive data as possible, with thousands of data points used to create a profile of the wearer. All smartwatches tell time, and most have fitness features such as a pedometer that measures your steps throughout the day. However, more expensive smartwatches also include advanced fitness-tracking features on the watch and in the companion mobile application. Other advanced features include the ability to send and receive phone calls and messages on the device, and to install third-party apps on the device and mobile application.

What we tested

For this article, we evaluated a popular smartwatch used by kids and teens: the Fitbit Ace 2.

Product Details

Company: Fitbit
Name: Ace 2
Link: Website
Price: $399
Category: Smartwatches for Kids & Teens
Software: Fitbit App
Privacy Rating: 63% Warning

Bottom line

Best watch for kids: The product offers great features with the Fitbit app, but parents and teachers should use it with caution because of its potential to collect a large amount of data about children or students.

Intended Audience

Kids (under 13)
Home: Kids can use the Fitbit Ace 2 to track their exercise and sleep and to add friends to play challenges and adventures.
School: Kids can use the Fitbit Ace 2 at school to tell time, track steps during the day, and add friends for challenges.

Students (K-12)
Home: Students can use the Fitbit Ace 2 at home to track their steps as part of a classroom challenge.
School: Students can use the Fitbit Ace 2 in the classroom as part of an activity and participate with other students in challenges, races, and competitions.

What we found

Our hands-on security testing of smartwatches focuses on both the hardware of the smartwatch device itself and on the privacy of the companion mobile application that is used to set up the device, extend its functionality, and transfer data between the smartwatch, the mobile device, and the internet.

Software

The Fitbit watch is paired with the following mobile app:

 Fitbit (iOS, Google Play)

Device setup

The Fitbit mobile application launches with a welcome screen prompting use of the device's Bluetooth connectivity to connect and set up the Ace 2 watch. The app asks the user to join Fitbit and register a new account or to log in with their existing account. In addition, the app asks the user which smartwatch they will be using, and once the "Ace 2 - for kids" edition is selected, the user is prompted to create a family account in addition to their Fitbit account.

         

Create family account

The app informs the user that a parent or guardian is needed to set up a family account, and the app requests that the parent provide their name, email, and password to complete the registration.

       

Privacy policy

During registration the app requires the parent to agree that they have read Fitbit's terms of use, privacy policy, and cookie use policy. Don't worry, we already read the privacy notice and terms and conditions for you and summarize our findings in our privacy evaluation. In addition, the app requires the user to opt out of receiving first-party Fitbit marketing communications (which should, as a best practice, always be opt-in). 

     

Create child account

After a parent has completed registration or logged in to the app with their Fitbit account and created their family account, Fitbit prompts the parent to create a final child account. The app requests the child's first name, username, gender, birthday, and height. Lastly, Fitbit allows the parent to switch the Fitbit app to a "Kid View" so they can safely use the mobile device and Fitbit app paired with their smartwatch.

         

Getting started

The app lets parents easily see on the Today tab how many steps their child has taken, as well as calories burned and active minutes tracked. The Discover tab shows more detailed information about sleep, exercise, and weight and provides guided workout programs and paid subscription offers. The Community tab lets users chat and join groups to share achievements and challenges. Once the Community tab is activated, the app requests permission to share system notifications. However, the Kid View appropriately restricts a child's ability to discover paid offers in the Discover tab and to chat with untrusted users in the Community tab. With the family account, parents can approve trusted connections, while the limited Kid View lets kids see their stats and the badges they have earned.

         

Pair watch

The app requests to pair the Fitbit family account and child account to the child's new Ace 2 watch. The app uses Bluetooth to discover the smartwatch and requires a PIN code displayed on the watch to pair the Ace 2 to the app. This is an extra level of security to prevent another person from trying to pair the child's watch with their own mobile device if they are within Bluetooth range.

         

Watch settings

During the watch pairing process, Fitbit displays a promotional advertisement to purchase an additional protection plan for the device. This may confuse young children, who could inadvertently purchase the plan if they assume it is required to pair the watch with the app. The watch prompts the user to update the smartwatch device with the latest software. During the update, the app shows additional features that parents and kids can use with their new smartwatch.

       

Tour guide

After the watch is paired and updated, the app provides a tour of how to use the basic functions of the Ace 2 smartwatch.

         

Continued tour

The tour also includes how to take care of the Ace 2 smartwatch and how to charge the device to get the most out of the Fitbit experience.

       

Fitbit Premium

Lastly, as part of the setup process, Fitbit displays a second promotional advertisement to purchase a Fitbit Premium plan for the device. Again, this may confuse young children, who could inadvertently purchase the plan if they assume it is required to set up the watch.

   

Hardware

The Ace 2 watch hardware is packed with new technologies, which also means that the device has data-collection capabilities that raise privacy and security concerns. The chart below shows what we found in both the hardware of the smartwatch itself (in the row labeled "Device"), and the companion mobile application installed on a mobile device (in the row labeled "App"). Learn more about what's inside the Ace 2 Watch and read our tips on privacy and security below.

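Device collection details

App: Step tracking: Yes; Heart rate tracking: No; Sleep tracking: Yes; Cellular connectivity: No; Microphone access: No; GPS location access: No

Device: Step tracking: Yes; Heart rate tracking: No; Sleep tracking: Yes; Cellular connectivity: No; Microphone access: No; GPS location access: No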

What can all that hardware do?

The Fitbit Ace 2 watch has a "brain" with a high-performance embedded processor. That means the Ace 2 watch can quickly collect and process information within the device itself.

Tip: The more information collected and processed, the more privacy and security risk there is for that information.

The Fitbit Ace 2 watch can "feel" with an accelerometer, pedometer, and vibration motor feedback in the device. That means the Ace 2 watch can collect information about when and how an individual touches the watch display and can detect their steps when walking or running. The watch can also detect the amount of sleep they achieved the night before and can display all that health-related information in the mobile app.

Tip: Information collected about a child's or student's bodily health or use of a product's tracking features over time is typically called usage, biometric, or behavioral information.

The Fitbit Ace 2 watch has a "face" with its grayscale OLED display watch face and its companion Fitbit mobile app. That means the Ace 2 watch can display images to children and students on their watch face or on a mobile device through the digital screen.

Tip: Fitness- or health-related information visually displayed to users may contain personal or sensitive information and be visible to others. This is a bigger privacy risk when the Fitbit app is used in a public place, office space, or classroom than when it's used in a doctor's office or private home.

The Fitbit Ace 2 watch has connectivity with Bluetooth for sending and receiving data. That means the Ace 2 watch can send and receive information it has collected or processed with its companion app.

Tip: Information collected by a smartwatch or mobile device and sent over a Bluetooth connection can be forwarded to the cloud for processing. That information must be encrypted while in transit and while stored in the cloud to remain secure.

The Fitbit Ace 2 watch has energy with a built-in rechargeable lithium-polymer battery for up to 5 days of use. That means the Ace 2 watch is able to collect and process sensitive health-related information continuously while it is powered on and being worn on the individual's wrist.

Tip: The longer a device is operational, the more sensitive information it can collect and process.

Privacy rating

Privacy rating and score (How we rate)

DATA SAFETY: How safe is this product?
Better: Users can interact with trusted users and/or students.
Unclear: Users can interact with untrusted users, including strangers and/or adults.
Unclear: Profile information is shared for social interactions.

DATA RIGHTS: What rights do I have to the data?
Better: Opt-in consent is requested from users at the time personal information is collected.
Better: Users can control their information through privacy settings.
Worse: Users can create or upload content.

ADS & TRACKING: Are there advertisements or tracking?
Worse: Data is shared for third-party advertising and/or marketing.
Worse: Traditional or contextual advertisements are displayed.
Worse: Behavioral or targeted advertising is displayed.

Continue reading about this tool's privacy practices, including data collection, sharing, and security.

If you would like to see how the Fitbit watch compares to other popular smartwatches for kids, read our article comparing Smartwatch Privacy for Kids During the Coronavirus Pandemic.