Browse all articles

Privacy and Security Evaluation of the Garmin Vivofit Jr. 2

Learn about the Garmin Vivofit Jr. 2 privacy and security features

Girard Kelly | April 24, 2020

The Common Sense Privacy Program evaluates the privacy policies of popular consumer and education technology applications and services that are currently used by millions of children at home and in the classroom.

We evaluated the privacy practices and performed a hands-on basic security test of five popular smartwatches used by kids and teens for parents and teachers to learn more about their security practices and how they compare to other popular smartwatches. We completed evaluations of the Apple Watch, Samsung Galaxy Watch Active, Verizon GizmoWatch, Fitbit Ace 2, and Garmin Vivofit Jr. 2, identifying the potential privacy risks and harms that may affect children, students, and families who use these devices.

When evaluating whether to use smart tech paired with a mobile app at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy and security practices of a smart device. Our approach lets us compare what the smart tech company says they do with data with what our limited testing can observe about what they actually do with data. We can sometimes observe what data goes to and from the device, but we can't necessarily see what happens with the data when it reaches the external destination. In addition, for our testing purposes we also did not attempt to intercept or observe any cellular or Bluetooth wireless traffic. Our findings are intended to help parents and teachers make better informed decisions about whether to buy this device or a similar smartwatch for use with their children at home or with students at school.

What is smart tech?

The category of smart devices, or the Internet of Things (IoT), covers all the objects or devices used in your home, office, or school that are connected to the internet. More and more of these smart devices are being used by children as toys at home and with students as learning tools in the classroom every day. Smart tech companies claim their devices provide greater convenience and new learning opportunities for children and students, but they also collect and share more information than ever. Connected devices and household gadgets can collect all kinds of sensitive information -- anything from audio and visual recordings of your home to the names of shows you watch, the number of steps you've taken, your child's precise location, how and when you sleep, and even the foods you eat.

What are smartwatches?

A smartwatch is a smart tech device that uses software with a digital touchscreen to display dynamic content on the watch face. However, not all smartwatches are the same. While smartwatches were originally seen as a luxury purchase or status symbol, their prices have fallen rapidly in the past few years. They have become more affordable and are used by more and more kids and teens every day. But there are still inexpensive watches and expensive watches -- watches with only one basic feature and watches with dozens of advanced features, and even watches designed for specific purposes or for specific segments of the population, like kids or athletes. Some smartwatches collect very little sensitive data, but others are designed to collect as much sensitive data as possible, with thousands of data points used to create a profile of the wearer. All smartwatches tell time, and most have fitness features such as a pedometer that measures your steps throughout the day. However, more expensive smartwatches also include advanced fitness-tracking features on the watch and in the companion mobile application. Other advanced features include the ability to send and receive phone calls and messages on the device, and to install third-party apps on the device and mobile application.

What we tested

For this article, we evaluated a popular smartwatch device used by kids and teens: the Garmin Vivofit  Jr. 2.

Product Details

Company

Garmin

Name

Garmin Vivofit Jr. 2

Link

Website

Price

$69.99

Category

Smartwatches for Kids & Teens

Software: 

Garmin Vivofit jr.

Privacy Rating: 

46% Warning

Bottom Line

Best Simple Smartwatch: The Garmin Vivofit Jr. 2 watch offers just the limited features of a fitness tracker with activity games and nothing else for the youngest of children.

 

Pros

Cons

1.

Lowest Price: The cheapest fitness tracker for kids we tested, and easy to set up with the Vivofit mobile app.

Limited Features: This watch is just for kids, which means its features are limited to displaying the date and time, tracking steps, earning game points, and a to-do list.

2.

No Third-party Apps: Garmin does not allow the use of third-party apps through its App Store, which could put a child's personal information at risk.

Tracking Requests: Vivofit Jr. mobile app makes third-party advertising and tracking requests that could put children or students' personal information at risk.

3.

Great Content: Garmin provides quality kid-friendly activity-themed games in the Vivofit companion mobile app.

No Child Gate: No age gate is used to prevent children from registering a Garmin account, but the registration does ask two adult fitness-related questions.

Intended Audience
 

Home

School

Kids (under 13)

Kids can use Vivofit Jr. 2 to tell time, track their steps, and to play games with the mobile app.

Kids can use Vivofit Jr. 2 in the classroom to learn to tell time and date, track their steps, and play app games.

Students (K-12)

Students can use Vivofit Jr. 2 at home to track their steps and finish to-do tasks as part of a classroom challenge.

Students can use Vivofit Jr. 2 in the classroom as part of an activity and participate with other students in step competitions, to-do tasks, or games.

What we found

Our hands-on security testing of smartwatches focuses on both the hardware of the smartwatch device itself and on the privacy of the companion mobile application that is used to set up the device, extended its functionality, and transfer data between the smartwatch, the mobile device, and the internet.

Software

The Garmin Vivofit Jr. 2 is paired with the following mobile app:

 Garmin Vívofit jr. (iOS, Google Play)

Device setup

The Garmin watch mobile application launches with a welcome screen and request to use Bluetooth to pair the smartwatch with the mobile application. The app prompts the user to sign in with their Garmin Connect account or create a new Garmin account. If a parent creates an account, they are asked to consent to the Garmin EULA and privacy policy. Don't worry, we already read the privacy notice and terms and conditions for you and summarize our findings in our privacy evaluation.

         

Create account

During account registration, the parent is asked to provide their full name, email address, password, and country. In addition, Garmin provides parents with the option to opt in to product news and promotions. After a Garmin account is created, the parent is prompted to also sign in to, or create, a Family account. Lastly, parents are required to read and consent to Garmin's privacy policy. We summarize our findings on the privacy policy in our privacy evaluation. 

         

Family account

During the family account registration process, the user is asked two different fitness-related questions. It is not clear why Garmin is asking these questions, but it appears the questions are likely meant to deter children under 13 years of age from registering for an account without parental consent. However, a simple birth date question would be an easier and more transparent age gate. After the family account is created, the parent can also choose to invite another Garmin account-holding parent to join the family account.

         

Pair watch

The app provides instructions on how to turn on and connect the Garmin watch with the mobile app.  The app uses Bluetooth to discover the smartwatch and requires a PIN code displayed on the watch to pair the Vivofit watch to the app. This is an extra level of security to prevent another person from trying to pair the child's watch with their own mobile device if they are within Bluetooth range.

         

Child profile

After the watch is paired with the mobile app, the parent is asked to provide information about the child who will be wearing the Vivofit watch. The app requests a parent provide the child's first name, age, and gender and provides additional information to parents about why Garmin is asking for this information. Parents can also provide their child's sleep schedule, set an avatar photo, or even upload an actual picture of their child for the profile.

         

Personalize watch

The parent is given the option to set the display text on the watch that could include the child's first name, nickname, or pseudonym. Parents are also given the option to keep their child's information private when competing in community step challenges. Finally, the app notifies the parent about software updates and syncs the child's profile and settings to the device over Bluetooth.

         

Getting started

Before a child can get started using the app and playing games, Garmin provides a second opt-in notice that parents can sign up to receive product news and promotions. The app home screen provides parents with information about their child's steps, sleep, activity minutes, and rewards. Kids can use the app to play activity-based games and earn points. Parents can use the app to set chores, timers, and alerts, and can choose to receive notifications. In the "More" tab, Garmin provides a third opt-in notice that parents can sign up to receive product news, offers, and promotions.

       

App settings

Lastly, parents can control and monitor daily or weekly step or activity challenges for their child and are reminded that the Vivofit watch syncs with their mobile device automatically. They ae also reminded that how often the Vivofit watch syncs may impact the watch and mobile device's battery life.

       

Hardware

The Garmin Vivofit watch hardware is packed with new technologies, which also means that the device has data-collection capabilities that raise privacy and security concerns. The chart below shows what we found with both the hardware of the smartwatch itself (in the row labeled "Device") and the companion mobile application installed on a mobile device (in the row labeled "App"). Learn more about what's inside the Garmin Vivofit watch and read our tips on privacy and security below.

Device collection details

 

Step tracking

Heart rate tracking

Sleep tracking

Cellular connectivity

Microphone access

GPS location access

App

Yes

No

Yes

No

No

No

Device

Yes

No

Yes

No

No

No

What can all that hardware do?

Garmin Vivofit Jr. 2 has a "brain." That means the Garmin watch can quickly collect and process information within the device itself.

Tip: The more information collected and processed, the more privacy and security risk there is for that information.

Garmin Vivofit Jr. 2 can "feel" with an accelerometer in the device. That means the Garmin watch can collect information about when and how an individual touches the watch display and can detect their steps when walking or running. The watch can also detect the amount of sleep a child achieved the night before and can display health-related information on the smartwatch or mobile app.

Tip: Information collected about a child's or student's bodily health or use of a product's tracking features over time is typically called usage, biometric, or behavioral information.

Garmin Vivofit Jr. 2 has a "face" with a transflective 8-color memory-in-pixel watch face and its companion Garmin Vivofit mobile app. That means the watch can display images to children and students on their watch face or on a mobile device through the digital screen.

Tip: Fitness or health-related information visually displayed to users may contain personal or sensitive information and be visible to others. This is a bigger privacy risk when the watch is used in a public place, office space, or classroom than when it's used in a doctor's office or private home.

Garmin Vivofit Jr. 2 has connectivity with Bluetooth for sending and receiving data. That means the Garmin watch can send and receive information it has collected or processed.

Tip: Bluetooth connections on a smartwatch or mobile device can send collected information to the cloud for processing and must be encrypted while in transit and while stored in the cloud to remain secure.

Garmin Vivofit Jr. 2 has energy with a built-in battery for up to 1 year of use. That means the Garmin watch is able to collect and process sensitive health-related information continuously while it is powered on and being worn on the individual's wrist.

Tip: The longer a device is operational, the more sensitive information it can collect and process.

Privacy rating

privacy rating and score (How we rate)


DATA SAFETY DATA RIGHTS ADS & TRACKING
How safe is this product? What rights do I have to the data? Are there advertisements or tracking?
Better Users cannot interact with trusted users and/or students. Better Opt-in consent is requested from users at the time personal information is collected. Worse Unclear whether data is shared for third-party advertising and/or marketing.
Unclear Users can interact with untrusted users, including strangers and/or adults. Better Users can control their information through privacy settings. Worse Unclear whether traditional or contextual advertisements are displayed.
Unclear Profile information is shared for social interactions. Worse Users cannot create or upload content. Worse Unclear whether behavioral or targeted advertising is displayed.

Continue reading about this tool's privacy practices, including data collection, sharing, and security.

If you would like to see how the Garmin Vivofit Jr. 2 watch compares to other popular smartwatches for kids, read our article comparing Smartwatch Privacy for Kids During the Coronavirus Pandemic.