Smartwatch Privacy for Kids During the Coronavirus Pandemic

Smartwatches are everywhere -- there are watches that just tell time, watches that count your steps, watches that also make phone calls, watches that can install third-party apps, and watches that can use GPS to track the wearer's location at anytime. With many children and students homebound during the coronavirus pandemic, parents and educators are looking for more smart devices that can be used for entertainment, to encourage fitness activity, and to support educational learning. 

During this pandemic, companies are already working on changes to Android and iOS mobile devices to enable Bluetooth-based COVID-19 contact tracing. Smartwatches could also be used to share any of the health-related data they collect with other organizations or governments that are working to trace individuals and contain the spread of viruses like COVID-19. Location and health-related data collected from smartwatches that are used by children and students could potentially be used to determine which individuals they come into contact with, and could detect the early signs of infection, such as elevated heart rates or higher-than-normal temperatures, that could signal an immune system response.

It's not hard to imagine that parents could also get an alert about their kid's health from the smartwatch manufacturer or a government agency that received their kid's health data at the earliest stages of illness -- even without symptoms. Smartwatches could even automatically alert local and state authorities that may seek to place restrictions on a child, and any individuals they may have come in contact with, to try to isolate them before they can infect anyone else. The use of smartwatches to track kids' fitness and health can help kids stay active and healthy during the coronavirus pandemic while they are homebound, but the unintended collection and use of their location and health data for potential surveillance purposes by companies and the government without parental knowledge or consent raises serious privacy concerns. With these risks in mind, the Common Sense privacy program evaluated the privacy and security practices of the top five smartwatches used by kids and teens. For more resources about quality educational applications and services to use with your kids at home and with students in the classroom, check out our Resources for Educators During the Coronavirus Pandemic and our Resources for Families During the Coronavirus Pandemic.

Which watches did we test?

For this article we tested the Apple Watch, Samsung Galaxy Watch Active, Verizon GizmoWatch, Fitbit Ace 2, and Garmin Vivofit Jr. 2, identifying the potential privacy risks and harms that may affect children, students, and families who use these devices.

To jump to a specific section of this article, please click on a link below:

1. What are smartwatches?
2. What are the risks?
3. What we found
4. Compare privacy ratings
5. Compare security testing
   1. Data sharing
   2. Data safety
   3. Account protection
   4. Device security
   5. Software updates

What are smartwatches?

A smartwatch is a smart tech device that uses software with a digital touchscreen to display dynamic content on the watch face. However, not all smartwatches are the same. While smartwatches were originally seen as a luxury purchase or status symbol, their prices have fallen rapidly in the past few years. They have become more affordable and are used by more and more kids and teens every day. But there are still inexpensive watches and expensive watches -- watches with only one basic feature and watches with dozens of advanced features, and even watches designed for specific purposes or for specific segments of the population, like kids or athletes. Some smartwatches collect very little sensitive data, but other smartwatches are designed to collect as much sensitive data as possible, with thousands of data points used to create a profile of the wearer. All smartwatches tell time, and most have fitness features, such as a pedometer that measures your steps throughout the day. However, more expensive smartwatches also include advanced fitness-tracking features on the watch and companion mobile application. Advanced features include the ability to send and receive phone calls and messages on the device, and to install third-party apps on the device and mobile application.

For our testing, we focused only on smartwatches most commonly used by kids and teens. We spoke with numerous parents and educators to learn the most popular smartwatches used by kids as young as 4 at home, teens up to 18 years old on the go, and students in K-12 classrooms. We categorized dozens of popular smartwatches by brand name, price, gender, age group, and features. It was difficult to choose only five popular smartwatches, but we carefully selected five watches for this article that we believe are representative of most types of smartwatches on the market today. We also chose smartwatches based on the most popular brand names -- a range from inexpensive to expensive, from watches with only one feature to numerous advanced features, and watches used by children and students in every major age group at home, outdoors, and in the classroom.

What are the risks?

Children and data privacy

Parents and educators value the ability to control and to understand what information is collected from smartwatches when it comes to their children and students. A common concern -- from both parents who use smartwatches at home and educators who use them in the classroom -- is what sensitive personal health information is actually being collected and how it is used. If it is collected, do users know how to control what information is collected and how to control whether their child or student's personal data is being used to deliver personalized or targeted ads? Smartwatches can request access to your mobile device location, modify storage, make phone calls, view contacts, save photos, play media, and access files on the device. More advanced features can also request access to view your calendar, modify contacts, view call logs, send emails, and respond to SMS messages.

• The facts: There's the actual situation: smartwatches are treated as trusted devices and can collect a significant amount of sensitive health data and personal information from your mobile device.
• The feelings: Then there are the feelings parents and educators may have about smartwatches always collecting data from their children and students -- all day long and even while they sleep -- often referred to as the "creepiness" factor. Creepy could include collecting sensitive health data without express permission or using the data for purposes beyond what the device was initially purchased to do.
• The future: Beyond what is currently collected and how it is used, smartwatches may store sensitive data indefinitely and companies may at some point utilize the data in ways that no one -- not the children, nor the parents, nor even the device manufacturers and designers -- have yet imagined, such as containing the spread of viruses like COVID-19.

What should parents and educators do?

Parents and educators have several options when deciding whether to purchase a smartwatch. Some may be thinking about whether or not to purchase a smartwatch at all, or some may have already made up their mind that they want to purchase a smartwatch but are not sure which one is best for privacy. Others may have already bought a smartwatch and want to know how to change its privacy settings to best protect their children or students, and some parents and educators want to know how to exercise their data rights and tell companies not to sell their data.

• Check the privacy settings. All smartwatches have settings on the device itself and settings inside the companion mobile application that allow you to turn on or off different data collection features. If you do not need to collect heart rate data, GPS location data, or send and receive messages to the device, these extra features can be turned off to minimize the amount of sensitive information collected.
• Take off the smartwatch. Children and students should wear the device only when it is in use, and when an adult is present to monitor use by children.
• Check which apps are installed on the smartwatch. Remove unwanted third-party apps to minimize the amount of information collected.
• Ask companies not to sell your data. Use free online resources like donotsell.org that allow you to make a request to smartwatch companies to stop them selling your data for profit.
• Make your preferences known to companies and legislators. We can start with the knowledge that parents have taken or wanted to take steps to limit data collection -- and about half of those think they have, and half want to but they don't know how. This is the jumping-off point for action. The next step is to empower parents and educators so that they actually have this control and utilize it. Legislators can support this practice by mandating features allowing parental controls, and when that doesn't fully protect kids, allowing the information to be deleted from devices and databases.
• Make informed decisions about which smartwatches to buy and use. This article is a snapshot of what smartwatches are doing right now. Their business practices change rapidly as companies think creatively about how to gather, process, and sell data. In deciding whether to purchase or use a smartwatch, consider the impact on children that may use the device. Factor into your decision the cost of the device, purchases that may be made with the device or companion app, and the potential use of your personal information by the device manufacturers and other companies the device might share your data with over time.

What we found

The following ratings and scores are from our privacy evaluation results. Click on the product's name in the chart below to read more about each of the smartwatch and companion mobile applications that could be used at home and in classrooms by kids, students, and families. The following chart illustrates a range of privacy practices from "best" to "poor" based on our privacy ratings. Products that score a "poor" are not necessarily unsafe, but they have a higher number of privacy problems than the "average" product. Similarly, products that score "best" are not necessarily problem-free, but had relatively fewer problems compared with other products.

For example, from the chart you can see that Apple received the highest overall score and that Garmin received the lowest overall score. Apple did better than Garmin in almost every category. In addition, both Verizon and Fitbit received similar overall scores, but had different concern scores that contributed to their overall points. For example, Verizon had better data safety practices, but Fitbit had better practices in place for protecting data collected from children with parental consent.

Compare privacy ratings

The following chart compares products' privacy practices which are used to determine their privacy ratings. These worse practices can put children's and students' privacy at risk by selling personal data to third-party companies or selling the use of personal information for third-party marketing, advertising, tracking, or ad-profiling purposes.

For example, Apple's policies received a Pass rating because Apple had better privacy practices for all of the rating criteria above. However, Verizon's and Fitbit's privacy policies received similar scores because they both had several worse practices and were unclear about whether they use personal information to send third-party marketing communications to users. Samsung's policies were very clear that they use personal information to engage in every worse practice used in our rating criteria. We found that Garmin did not discuss any of the privacy practices used in our rating criteria, and therefore there is no expectation for parents and educators about how Garmin will use personal information it collects from kids.

Compare security testing

Our hands-on security testing of the five smartwatches focused on the 10 most critical security practices around the collection of information from a smartwatch and its companion mobile application, and on the transmission of information between the device, the application, and the internet. The following charts show what we found in both the hardware of the smartwatch itself (in the row labeled "Device") and in the companion mobile application installed on a mobile device (in the row labeled "App"). The charts compare the basic privacy and security testing details of all five smartwatches. For more hands-on security testing information about each product, click on the product's name in the chart below. All the smartwatches had a companion mobile application that was used to set up the devices, extended the functionality of the devices, and transfer data between the smartwatch, the mobile device, and the internet.

Data sharing

Evaluating data sharing takes into consideration best practices of keeping personal data inside the application or smart device to help protect privacy. Connecting social media accounts could allow children or students to share personal information with other people and with third-party companies. In addition, installing third-party apps with a smart device could allow the collection and use of personal information for a different purpose.

For the security concern of sharing data, only Apple Watch allows the installation of third-party social media-related applications through the Apple Store. The Samsung Galaxy Watch also has an App Store but does not have any social media–related applications available at this time. Both the Samsung and Verizon watches allow users to authenticate with their Google account instead of creating a new watch account. This allows for data sharing between the companion mobile app and Google.

Two of the smartwatches tested (Apple and Samsung) allow for third-party applications to be installed that extend the functionality of the device, but can also increase the types and amount of data collected and shared with third-party companies. Both the Fitbit and Garmin smartwatches have limited features because they are restricted to use by kids only compared to the other watches we tested. The Fitbit and Garmin watches we tested do not allow third-party apps to be installed, but Fitbit allows for premium third-party workout content, and  Garmin general consumer smartwatch devices have no such restrictions on which third-party apps can be installed through the Garmin Connect app store. Devices that allow installation of third-party applications can increase the user's risk of installing malicious apps that can steal sensitive personal information. Also, third-party apps may not have the same privacy and security protections and may be able to collect personal data, including passwords.

Device safety

Evaluating device safety takes into consideration best practices of using privacy protections by default and limiting potential interactions with others. It's better to start with the maximum privacy that the app or device can provide and then give users the choice to change the settings. In addition, users talking to other people through the app or device might permit sharing personal information with strangers.

All five smartwatches provide privacy-protecting controls that prompt the user to provide opt-in consent on both the device and mobile application before personal data is collected. This approach allows users to provide informed consent at the point where personal or sensitive information is collected. Other privacy controls such as parental consent, social interactions with phone calls, and third-party app stores all require opt-in consent to activate and use. However, because three of the watches (Apple, Samsung, and Verizon) allow for the collection of location information, parents and educators should choose privacy-protecting settings for the collection of sensitive information. When given notice to provide opt-in consent (Always, Only while using the app, or Never), parents and educators should only allow the collection of precise location information when using the mobile app.

Three smartwatches (Apple, Samsung, and Verizon) provide features to send and receive voice phone calls, text messages, emails, and app notifications through the device. Audio information about the duration, tone, pitch, and content of voice communications, as well as when and where those communications happened, may contain personal or sensitive information. This is a risk to a greater number of people's privacy when a smartwatch voice call is used on speaker phone in a public place, outdoors, or classroom than when it's used in a private home. In addition, the personal content of text messages could be shared between apps. Messages could be shared between the primary messaging app on the mobile device to a secondary smartwatch companion mobile app on the mobile device before being transferred to the final destination of the smartwatch for notification and interaction by the wearer, and this could put their personal information at risk.

Account protection

Evaluating account protection takes into consideration best practices of using strong passwords and providing accounts for children with parental controls. Strong passwords can help prevent unwanted access to personal information. Children under the age of 13 may not understand when they are sharing personal information, so they should be required to create special accounts with more protection under the law. Lastly, parents can help children under the age of 13 use a device or app with digital well-being protections in mind with parental controls.

All five smartwatches have complex password or passphrase requirements to create an account in order to use the smartwatch. All five smartwatches require the user to create an account with the companion mobile application before interacting with the smartwatch. In addition, all the smartwatches used industry best practice of requiring the use of Bluetooth PIN pairing between the mobile application and the smartwatch.

All five smartwatches handle parental consent and parental controls differently. For the Apple Watch, a user is prompted to enter their existing Apple ID username and password to personalize their watch. If a user does not have an Apple ID, they can create a new Apple ID account and are asked to enter their birth date to confirm their age. If a user provides a birth date that indicates they are under the age of 13, the app requests that a parent or guardian provide consent for the child or student. For the Samsung Galaxy watch, if a user clicks "sign up" after the welcome screen, the app requests personal information, including the user's first and last name and birth date to confirm their age. If a user provides a birth date that indicates they are under the age of 13, the app states they "must meet the minimum age requirement" and does not allow the underage user to register for an account. For the Verizon GizmoWatch, if a user clicks "create an account," the app requests personal information, including the user's first and last name, phone number, and birth date to confirm their age. If a user provides a birth date that indicates they are under the age of 13, the app states "Sorry, you are not old enough to set up GizmoHub."

For the Fitbit Ace 2 watch, if a user clicks "Join Fitbit" after the welcome screen, the app requests personal information, including the user's first and last name and birth date to confirm their age. If a user provides a birth date that indicates they are under the age of 13, the app requests that a parent or guardian provide consent for their child. A parent must provide consent by setting up their own Fitbit account with an email address and using Fitbit's family account settings to create a child account. Lastly, for the Garmin Vivofit Jr. 2 watch, a user is prompted to enter their existing Garmin Connect username and password to personalize their watch. If a user does not have an Garmin Connect account, they can create a new account and are asked to enter their full name, email address, and password. Once a user confirms that they have access to the email address registered with their new account, they are  prompted to set up their new family account and add a child's smartwatch. However, it appears there is no birth date registration requirement or age gate to prevent children from registering a Garmin account, but the registration process does ask two fitness-related questions that appear to aim to restrict young children from creating an account.

For the Apple Watch, a parent must provide consent through the Family Sharing setting of their Apple ID account, where they can create an Apple ID for their child. A parent must first review Apple's parent privacy disclosure, then enter their child's personal information, including an iCloud.com email address and a password that meets strong and complex password requirements. The Samsung Galaxy Watch did not have any parental controls or settings at the time of testing. For the Verizon GizmoWatch, after the parent or guardian has created an account they must also provide their child's personal information to create a child account. The GizmoHub app allows parents to access all the information collected from their child's GizmoWatch from their current GPS location, number of steps, to-do lists, and calls with settings for notifications and quiet time.

For the Fitbit Ace 2, once a parent or guardian user logs in with their existing Fitbit account on the Fitbit mobile app, they are prompted to go to the family account settings and set up a child account. The parent user is then prompted to enter their child's first and last name, gender, and birth date, and to choose an avatar. Lastly, the new child profile is associated with the Fitbit account holder as their parent or guardian and their child's fitness information can be viewed by switching to the "Kid View." This also limits the content available under the "Discover" tab.

Device security

Evaluating device security takes into consideration best practices of securing personal information against unwanted access when it is shared between the mobile device, smart tech, and the internet. Keeping personal information encrypted, or masked, protects information while it is on the move. In addition, advertising and tracking requests from the device or app could contain personal information about the user, including what they're doing with the device or app.

Only the Apple and Samsung watches and their companion mobile applications sent and received encrypted data over Wi-Fi connections. A Wi-Fi connection from a smartwatch to the internet, or from a smartwatch to a mobile device, can send collected information to the company and to third parties over the internet for processing and must be encrypted while in transit and while stored in the cloud to remain secure. Alternatively, the Apple and Verizon watches can send and receive information over an encrypted cellular connection directly to mobile wireless towers. However, for our testing purposes we did not attempt to intercept or observe any cellular wireless traffic.

In addition, all five smartwatches use Bluetooth connectivity to set up each smartwatch and pair the companion mobile application and user account to the watch. All Bluetooth requests sent and received between the smartwatch and mobile application are encrypted, but the Apple and Samsung watches only pair the devices to their companion mobile apps. The Verizon, Fitbit, and Garmin watches also use a PIN to pair the smartwatch to the mobile app. This is more secure because it would not be possible for another device within Bluetooth range to reconfigure the smartwatch to pair with their unauthorized mobile application. However, for our testing purposes we also did not attempt to intercept or observe any Bluetooth wireless traffic.

The Apple Watch app only sent and received network requests during testing to Apple-related cloud services and no advertisement requests were observed. Similarly, the Verizon, Fitbit, and Garmin apps only sent and received network requests during testing to their company-specific cloud services and no advertisement requests were observed. However, the Samsung Galaxy app displayed third-party app store advertisements and other third-party fitness products, and the Samsung Health app displayed prominent promotions to purchase additional products like Samsung Kids+ and Samsung Galaxy smartphones. The Fitbit app displayed first-party advertisements during setup and use of the app to upgrade to its paid premium subscription service, but this advertisement is not visible when the Fitbit app is switched to "Kid View."

The Apple and Verizon mobile apps only sent and received network requests during testing to Apple- and Verizon-related cloud services. In addition, the Apple Watch only sent and received network requests over Wi-Fi during testing to Apple-related cloud services. However, for our testing purposes we did not attempt to intercept or observe any cellular wireless traffic from the Apple or Verizon watches. Furthermore, our testing observed that the Samsung, Fitbit, and Garmin mobile apps sent and received data to known third-party advertising and tracking domains such as Google Analytics, Google Adservice, Doubleclick, and other ad networks when personal information was collected by the smartwatches that could be used for tracking or profiling purposes.

Software updates

Evaluating software updates takes into consideration best practices of keeping a smart device secure with up-to-date software patches and settings. When a company improves its app or device, better privacy and security should be part of the package and should be automatically updated or easy to update.

All five smartwatches provide firmware updates for the smartwatch devices and software updates for the companion mobile applications. All five devices provide notice to the users to update the firmware of the device upon activation and to update the companion mobile application when an update was available through the App Store. However, parents and educators should also keep in mind that smart devices may not continue to provide software updates past the product's warranty. There could be an increase in risk to a child or student's personal information if smart devices do not receive regular security updates and patches.

Both the Apple and Samsung mobile apps were observed sending a large amount of non-encrypted data from their respective update domain servers during the firmware update process. However, during the update process both applications displayed a notice that the software update was being verified. It is possible that the software update download was verified on the smartwatch or mobile app before installation, but that the data was simply transferred over an unencrypted network port.

If you would like to learn more about the privacy and security practices of each of the popular smartwatches for kids that we tested, read our in-depth articles for the Apple Watch, Samsung Galaxy Watch Active, Verizon GizmoWatch, Fitbit Ace 2, and Garmin Vivofit Jr. 2.