
Privacy and Security Evaluation of the Samsung Galaxy Watch Active

Learn about the Samsung Galaxy Watch Active privacy and security features

Girard Kelly | April 24, 2020

The Common Sense Privacy Program evaluates the privacy policies of popular consumer and education technology applications and services that are currently used by millions of children at home and in the classroom.

We evaluated the privacy practices and performed a hands-on basic security test of five popular smartwatches used by kids and teens for parents and teachers to learn more about their security practices and how they compare to other popular smartwatches. We completed evaluations of the Apple Watch, Samsung Galaxy Watch Active, Verizon GizmoWatch, Fitbit Ace 2, and Garmin Vivofit Jr. 2, identifying the potential privacy risks and harms that may affect children, students, and families who use these devices.

When evaluating whether to use smart tech paired with a mobile app at home or in the classroom, parents and teachers need a comprehensive understanding of both the privacy and security practices of a smart device. Our approach lets us compare what the smart tech company says they do with data with what our limited testing can observe about what they actually do with data. We can sometimes observe what data goes to and from the device, but we can't necessarily see what happens with the data when it reaches the external destination. In addition, for our testing purposes we also did not attempt to intercept or observe any cellular or Bluetooth wireless traffic. Our findings are intended to help parents and teachers make better informed decisions about whether to buy this device or a similar smartwatch for use with their children at home or with students at school.

What is smart tech?

The category of smart devices, or the Internet of Things (IoT), covers all the objects or devices used in your home, office, or school that are connected to the internet. More and more of these smart devices are being used by children as toys at home and with students as learning tools in the classroom every day. Smart tech companies claim their devices provide greater convenience and new learning opportunities for children and students, but they also collect and share more information than ever. Connected devices and household gadgets can collect all kinds of sensitive information -- anything from audio and visual recordings of your home to the names of shows you watch, the number of steps you've taken, your child's precise location, how and when you sleep, and even the foods you eat.

What are smartwatches?

A smartwatch is a smart tech device that uses software with a digital touchscreen to display dynamic content on the watch face. However, not all smartwatches are the same. While smartwatches were originally seen as a luxury purchase or status symbol, their prices have fallen rapidly in the past few years. They have become more affordable and are used by more and more kids and teens every day. But there are still inexpensive watches and expensive watches -- watches with only one basic feature and watches with dozens of advanced features, and even watches designed for specific purposes or for specific segments of the population, like kids or athletes. Some smartwatches collect very little sensitive data, but other smartwatches are designed to collect as much sensitive data as possible, with thousands of data points used to create a profile of the wearer. All smartwatches tell time, and most have fitness features, such as a pedometer that measures your steps throughout the day. However, more expensive smartwatches also include advanced fitness-tracking features on the watch and companion mobile application. Advanced features include the ability to send and receive phone calls and messages on the device, and to install third-party apps on the device and mobile application.

What we tested

For this article we evaluated a popular smartwatch used by kids and teens: the Samsung Galaxy Watch Active.

Product Details

Company: Samsung
Name: Samsung Galaxy Watch Active
Link: Website
Price: $179.99
Category: Smartwatches for Kids & Teens
Software: Samsung Galaxy Watch and Samsung Health
Privacy Rating: 50% Warning

Bottom line

Best Watch For Android: The Galaxy Watch offers easy integration with non-Apple mobile devices that run Android OS and has popular apps available in the Galaxy App Store.

 

| # | Pros | Cons |
|---|------|------|
| 1. | Any Device: The Samsung Galaxy Watch is compatible with Apple and Android mobile devices. | Limited App Store: Samsung's App Store has a limited selection of popular apps compared to the Apple App Store. |
| 2. | Competitive Price: The Samsung Galaxy Watch has many of the popular features of the Apple Watch but at a lower price. | Third-party Apps: Samsung allows the use of third-party apps through the App Store. This could put a child's or teen's personal information at risk. |
| 3. | Adults and Teens Only: Samsung's policy is clear that children under 13 are not allowed to use its devices and the watch is targeted to an older general audience. | Ads and Tracking: Samsung's mobile app promotes third-party apps and products that make third-party advertising and tracking requests that could put children's or students' personal information at risk. |

Intended Audience
 

| Audience | Home | School |
|----------|------|--------|
| Kids (under 13) | Kids can use the Galaxy Watch at home to tell time, track their exercise and sleep, play games, read messages, see notifications, and make phone calls to friends. | Kids can use Galaxy Watch in the classroom to tell time, set calendar dates, track their steps, receive notifications, and play games. |
| Students (K-12) | Students can use Galaxy Watch at home to track their steps or heart rate as part of a classroom challenge, learn with apps, or receive homework notifications. | Students can use Galaxy Watch in the classroom as part of an activity and participate with other students in fitness app competitions. |

What we found

Our hands-on security testing of smartwatches focuses on both the hardware of the smartwatch device itself and on the privacy of the companion mobile application that is used to set up the device, extend its functionality, and transfer data between the smartwatch, the mobile device, and the internet.

Software

The Galaxy Watch is paired with the following mobile apps:

 Samsung Galaxy Watch/Wearable (iOS, Google Play)

 Samsung Health (iOS, Google Play)

Device setup

The Galaxy Watch mobile application launches with a welcome screen requesting that the user set up the watch with Bluetooth. The app asks the user to pick their watch and pair their new smartwatch to the user's mobile device.

         

Pair watch

The app uses Bluetooth to discover the Galaxy smartwatch and requires a PIN code displayed on the watch to pair the watch to the app. This is an extra level of security to prevent another person from trying to pair the Galaxy Watch with their own mobile device if they are within Bluetooth range. After the watch has finished pairing with the app, Samsung provides some additional information on how to use the new watch.

       

Privacy policy

After pairing, the app prompts the user to agree to Samsung's End User License Agreement and Samsung's Privacy Policy. Don't worry, we already read the privacy notice and terms and conditions for you and summarize our findings in our privacy evaluation. In addition, the app requests to use mobile device permissions with the app such as access to Bluetooth sharing, notifications, calendar events, photos, and contacts.

         

Create an account

The app then prompts the user to sign in or create a new Samsung account to use their smartwatch. During registration, the app prompts the user again to agree to Samsung's Terms and Conditions, Terms of Services, and Privacy Policy. When creating an account, a user must create a strong password and provide their first and last name, birth date, and ZIP code. In addition, the app requires the user to opt out of receiving marketing communications (which should, as a best practice, always be opt-in).

         

Complete registration

If during account registration a user says they are under age 13, the app displays an error message saying that they do not meet the minimum age requirement for registration. However, the app does not provide a parental consent method for children to register and simply requires the user to try again and enter a birth date that indicates they are over 13. In order to complete registration, the app requires the user to enter a security code sent to the user's email account, which can help prevent children under 13 years from registering an account without parental consent.

     

Getting started

After a user has created a Samsung account, they are presented with the app home screen, where they can change all the settings of their new watch. The app lets users change notifications, install third-party apps, tweak vibration alerts, discover new third-party watch faces, and much more. The user can also learn more about their watch and the companion app with the user manual, and is prompted to install a second companion app called Samsung Health to track all their fitness, activity, and sleep data.

         

Hardware

The Galaxy Watch hardware is packed with new technologies, which also means that the device has data-collection capabilities that raise privacy and security concerns. The chart below shows what we found in both the hardware of the smartwatch itself (in the row labeled "Device"), and the companion mobile application installed on a mobile device (in the row labeled "App"). Learn more about what's inside the Galaxy Watch and read our tips on privacy and security below.

Device collection details

 

| | Step tracking | Heart rate tracking | Sleep tracking | Cellular connectivity | Microphone access | GPS location access |
|---|---|---|---|---|---|---|
| App | Yes | Yes | Yes | No | No | Yes |
| Device | Yes | Yes | Yes | No | Yes | Yes |

What can all that hardware do?

Galaxy Watch Active has a "brain" with an Exynos 9110 1.15 GHz ARM-based processor chip. That means the Galaxy Watch can quickly collect and process information within the device itself.

Tip: The more information collected and processed, the more privacy and security risk there is for that information.

Galaxy Watch Active can "feel" with an accelerometer, barometer, gyro sensor, heart rate sensor, and light sensor. That means the Galaxy Watch can collect information about when and how an individual touches the watch display and can detect their steps when walking or running. The watch can also detect a user's heart rate and amount of sleep they achieved the night before, and can display all that health-related information on the smartwatch or companion mobile app.

Tip: Information collected about a child's or student's bodily health or use of a product's tracking features over time is typically called usage, biometric, or behavioral information.

Galaxy Watch Active has "ears" with a microphone for listening for Samsung Bixby voice commands and phone calls. That means the Galaxy Watch can listen to and process conversations at the same time and focus on the direction voices and sounds are coming from. You can also learn more about our privacy evaluation of Bixby. 

Tip: Audio information about the duration, tone, pitch, and content of voice communications, as well as when and where those communications happened, may contain personal or sensitive information. This is a risk to a greater number of people's privacy when the Galaxy Watch is used in a public place, office space, or classroom than when it's used in a private home on speaker phone.

Galaxy Watch Active has a "face" with a circular super AMOLED watch face and its companion mobile app. That means the Galaxy Watch can display images to children and students on their watch face or on a mobile device through the digital screen.

Tip: Fitness- or health-related information visually displayed to users may contain personal or sensitive information and be visible to others. This is a bigger privacy risk when the Galaxy Watch is used in a public place, office space, or classroom than when it's used in a doctor's office or private home.

Galaxy Watch Active has connectivity with Bluetooth, Wi-Fi, NFC, and GPS for sending and receiving data. That means the Galaxy Watch can send and receive information it has collected or processed.

Tip: Wi-Fi and cellular LTE connections on a smartwatch device or mobile device can send collected information to the cloud for processing, and must be encrypted while in transit and while stored in the cloud to remain secure.

Galaxy Watch Active has energy with a built-in rechargeable lithium-ion battery with wireless charging. That means the Galaxy Watch is able to collect and process sensitive health-related information continuously while it is powered on and being worn on the individual's wrist.

Tip: The longer a device is operational, the more sensitive information it can collect and process.

Galaxy Watch Active connects with other watch apps through the Samsung App Store. That means other third-party watch apps or third-party watch faces can connect to the Galaxy Watch through the smartwatch or the mobile app, and could collect and use personal information from the Galaxy Watch and mobile app for a different purpose.

Tip: Devices that allow third-party apps to be installed can increase the user's risk of installing malicious apps that can steal sensitive personal information. Other apps may not have the same privacy and security protections as Samsung and may be able to collect personal data for other unintended purposes.

Privacy rating



| DATA SAFETY | DATA RIGHTS | ADS & TRACKING |
|-------------|-------------|----------------|
| How safe is this product? | What rights do I have to the data? | Are there advertisements or tracking? |
| Better: Users cannot interact with trusted users and/or students. | Better: Opt-in consent is requested from users at the time personal information is collected. | Worse: Data is shared for third-party advertising and/or marketing. |
| Unclear: Users can interact with untrusted users, including strangers and/or adults. | Better: Users can control their information through privacy settings. | Worse: Traditional or contextual advertisements are displayed. |
| Unclear: Unclear whether profile information is shared for social interactions. | Unclear: Users can create or upload content. | Worse: Behavioral or targeted advertising is displayed. |

Continue reading about this tool's privacy practices, including data collection, sharing, and security.

If you would like to see how the Samsung Galaxy Watch Active compares to other popular smartwatches for kids, read our article comparing Smartwatch Privacy for Kids During the Coronavirus Pandemic.