FTC Warns Health Apps - You're Responsible for User Data

**The World of Health and Fitness Apps: A Deep Dive**

As we navigate the vast expanse of health and fitness apps, it's easy to get lost in the sea of options. But with so many choices comes the question: which app is the best for tracking your health information? In this article, we'll explore some of the top options available on both iOS and Android, and what sets them apart from one another.

**Google Fit: A Comprehensive Health App**

One app that stands out in the world of health and fitness is Google Fit. Developed by Google, this app collects a vast array of information, including steps taken, heart rate, and even some basic health metrics like calorie burn and exercise time. But what sets Google Fit apart from other apps is its seamless integration with third-party apps. With an API that allows developers to access and share data with other apps, Google Fit becomes a sort of hub for all your fitness tracking needs.

**Apple Health: A One-Stop Shop**

On the iOS side of things, Apple's Health app is a one-stop shop for all your health information. Developed by Apple, this app collects data from various sources, including activity trackers, fitness apps, and even some built-in features like the iPhone's GPS. But what really sets Apple Health apart is its ability to integrate with other iOS apps. With third-party apps able to read and write data to the Health app, users can easily track their progress across multiple platforms.
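The write-without-read pattern discussed later in this page, as an added example that is not from the original article or from Apple: an iOS app logs caffeine into Apple Health but requests no read types, so it can never pull steps, heart rate or anything else back out. The `CaffeineLogger` type and its functions are assumed names; the HealthKit calls are Apple's.

```swift
import HealthKit

// Added example (not from the original page): a caffeine-logging app that asks
// Apple Health for share (write) permission only. Names below are assumptions.
enum CaffeineLogger {
    static let store = HKHealthStore()

    /// Request permission to *write* caffeine samples only. The `read` set is
    /// empty, which is the least-privilege shape: the app can deposit data
    /// into Health but cannot harvest anything the user already has there.
    static func requestWriteOnlyAccess(completion: @escaping (Bool) -> Void) {
        guard HKHealthStore.isHealthDataAvailable(),
              let caffeine = HKQuantityType.quantityType(forIdentifier: .dietaryCaffeine) else {
            completion(false)
            return
        }
        store.requestAuthorization(toShare: [caffeine], read: []) { granted, error in
            if let error = error {
                print("authorization failed: \(error)")
            }
            completion(granted)
        }
    }

    /// Write one caffeine sample, in milligrams, stamped with the given date.
    static func logCaffeine(milligrams: Double, at date: Date = Date(),
                            completion: @escaping (Bool) -> Void) {
        guard let caffeine = HKQuantityType.quantityType(forIdentifier: .dietaryCaffeine) else {
            completion(false)
            return
        }
        // authorizationStatus(for:) only reports *sharing* status. HealthKit
        // deliberately never tells an app whether read access was denied, so
        // a read-denied app cannot distinguish "no data" from "not allowed".
        guard store.authorizationStatus(for: caffeine) == .sharingAuthorized else {
            completion(false)
            return
        }
        let quantity = HKQuantity(unit: .gramUnit(with: .milli), doubleValue: milligrams)
        let sample = HKQuantitySample(type: caffeine, quantity: quantity, start: date, end: date)
        store.save(sample) { success, error in
            if let error = error {
                print("save failed: \(error)")
            }
            completion(success)
        }
    }
}
```

The app also needs the HealthKit capability and an `NSHealthUpdateUsageDescription` string in its Info.plist; `isHealthDataAvailable()` returns false on devices where HealthKit is unsupported.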

**The Future of Health Data Sharing**

One of the most significant developments in the world of health and fitness apps is the increasing emphasis on controlling how data is shared between apps. On Android, Google has spent the last couple of years tightening how easily data moves from one app to another, siloing it so that the user has to explicitly grant an app access to a given piece of health information. That approach puts the control in the consumer's hands, though whether the consumer understands that control is a different story.

**A Concern for Privacy**

But with all the advancements in health and fitness apps comes a growing concern for privacy. As users share more and more data with these apps, there is a risk of breaches and of unauthorized access to sensitive information, and under the FTC's rule a breach is not only an intrusion but also the sharing of that information without the individual's authorization. This is where regulators like the FTC come in: by clarifying that its Health Breach Notification Rule applies to health apps, the FTC is holding companies that fall outside HIPAA accountable for protecting user data.

**A Trust Factor**

For many users, trust plays a significant role when it comes to sharing health data with apps. Google Fit, for example, has built a reputation for being trustworthy and secure. But even here, there's a caveat. As our conversation with Jason reveals, some users may be skeptical of trusting a large company like Google with their sensitive information.

**The Importance of Control**

Ultimately, the ability to control who can access your health data is essential for consumers. With so many apps vying for attention, it's easy to lose sight of what's really important: our own health and well-being. By giving users more agency over their data, companies like Google are helping to build trust and confidence in the world of health and fitness apps.

**A Rule Worth Following**

The FTC's stance on data breaches is a clear example of this approach. By clarifying that its decade-old Health Breach Notification Rule covers health apps, which must notify affected users, the FTC and in some cases the media when unsecured identifiable health information is breached, the regulator is sending a clear message: protecting user data is not just a nicety, it's a necessity.

**Transcript**

This is TWiT. I wanted to talk about this news story. This is a really interesting ruling this morning, or vote this morning, by the FTC. We've had a rule, I think it's more than a decade old now. The FTC has had a rule that says, should a company that handles sensitive health information have a breach of said sensitive health information, they have to notify consumers, they have to notify the FTC, and in some cases they also have to notify the press. Up to this point, the rule itself wasn't super clear on who was covered. Or even if the FTC would argue that no, it was clear from the get-go, what wasn't up to snuff was the FTC's enforcement of that rule. They argue that this rule, called the Health Breach Notification Rule, for as long as it's existed, also included health apps, apps that traffic in your health data. But since health apps that have had breaches in the past maybe didn't follow the rule and make that information available as quickly as they're supposed to, and since the FTC didn't come after them, maybe you thought it was in a gray area.

So today, in a vote of three to two, the FTC basically clarified this rule and said: look, this includes health apps. You also have to notify consumers, you have to notify the FTC, and again in some cases the media. You can read the rule to learn more about it. Essentially this whole rule was created because there are plenty of companies that deal with health data that are not covered by HIPAA, the Health Insurance Portability and Accountability Act. So companies outside of your typical medical records and health insurance needed to have some rules tied to them to make sure that your data was being protected and, should it not be protected, that you could be notified about it. That's what this rule does.

What's interesting to me is that it is a pretty broad definition. They clarify that apps that collect information directly from consumers and have the technical capacity to draw information through an API that enables syncing with a consumer's fitness tracker count. So almost any app that I have on my phone that's able to pull information from a fitness tracker, in this case my Apple Watch, is covered under this rule and needs to follow it. An app that draws information from multiple sources is covered even if the health information comes from only one source. The example they gave is that even if you have a blood sugar monitoring app that draws health information only from one source, like the consumer typing in their blood sugar levels, if it also takes non-health information from another source, for example it can pull in information from the calendar that you sync with the phone, it's covered under the rule. So even if these apps wanted to say, "Yes, we take health information, but we're only doing one thing, meaning we're not working with an API, we're not pulling data from elsewhere, so technically this Health Breach Notification Rule doesn't apply to us": no. If you've got integrations in the app, if you are pulling information from your customer's phone's calendar, from, I don't know, the Notes app, from any other app, you are covered.

And I like this too: they clarify that a breach is not just cybersecurity concerns. It's not just if someone comes along and breaks into the system and gets access to this information. It also includes sharing the information without an individual's authorization. So if these apps have been used in the past for marketing purposes to share information, they are at the mercy of this rule. And the FTC said, we haven't really done a good job in the past of enforcing this rule, but now you're on notice. Any violation of the rule faces civil penalties of forty-three thousand seven hundred ninety-two dollars per violation. You may think forty-three thousand seven hundred ninety-two dollars per violation, that's not very much money. It's not just per violation, it is per violation per day. So for every day that you are not notifying your customers about this and that you're violating this rule, you are potentially facing a fine or civil penalty, in this case forty-two thousand seven hundred ninety-two dollars, and that just keeps racking up and racking up. So it could get pretty expensive.

Interestingly, there are some companies who, because again, the rule itself is one of those where it kind of already did include apps, but some apps were going, "Oh no, that doesn't really apply to us, and the FTC isn't saying anything, so we don't say anything, you're not saying anything, whatever." But some apps out there went ahead and followed this rule even if it wasn't being enforced in other cases. An example of that is, I can't remember who bought it, but there was a pretty popular fitness app purchased by a bigger company, and when there was a breach, the bigger company followed the rule and notified as was needed. Yes, MyFitnessPal, thank you Adam W in the chat. Under Armour, thank you, purchased MyFitnessPal. I love our chat. There was a breach and Under Armour notified as they were supposed to. It kind of reminded me of the movie industry, because with the movie industry all of those ratings systems are something that the movie industry created itself, and the reason that they created the ratings and this oversight body that helps determine what ratings movies get is because they did not want the government to regulate the movie industry. So they said, "No, no, you don't have to do it, we're going to take care of it ourselves," and then the government turned elsewhere to work on other regulations because they went ahead and took care of themselves. So Under Armour did the right thing, followed this rule that's already here, and said we're going to do this. But other companies have not followed along with this rule, and so now that this is clarified, this is good.

One of the things I really liked in the piece was FTC Chair Lina Khan talking about advertising and how this played a role: "Given the growing prevalence of surveillance-based advertising, the Commission should be scrutinizing what data is being collected in the first place and whether particular types of business models create incentives that necessarily place users at risk." She went on to say digital apps are routinely caught playing "fast and loose" with user data, leaving users' sensitive health information susceptible to hacks and breaches. "Given the rising prevalence of these practices, it is critical that the FTC use its full set of tools to protect Americans." So this is a real crackdown to make sure that these apps, that in the past have kind of gotten to go, "Oh, we're soaking up all this data, but we don't necessarily have to be as protective of this data," or in some cases can use this as an opportunity to make money on this data: now the FTC is coming in.

Now you may be asking, okay, but it was a three to two vote. Why was there any dissent on protecting users' data? Well, of course there's a lot that goes into why that happens, but I do just want to read The Hill, which has information about that. It says the vote for the policy fell along party lines, with Khan and the other two Democratic commissioners voting three to two in favor of the policy against Republican commissioners Noah Phillips and Christine Wilson. So it seemed to be a Democratic versus Republican decision here, and one of the Republican commissioners explained that the reason they voted not to protect consumers' health information is because there is a longer-term, more wide-encompassing set of rules and regulations that they're working on, and so they didn't want to do this piecemeal stuff in the meantime because they needed to conclude those other things first. So take that for what it is and do with that what you will, but that's why it seems to have fallen along party lines. In any case, I'm glad this careful clarification has taken place and that all these different apps, whose collected information we maybe in some cases take for granted, are going to have to be more proactive or face some serious fines.

Now, the one thing that I think is important to point out is that there is an important definition here. This is only when there's a breach, be it a nefarious breach or a sharing of data, and as the rule points out it only applies to unsecured identifiable health information. Now I don't know how we go into a definition of identifiable, what exactly that means, because for me I would think that means that if they anonymize this health information then they're okay with sharing it with ad marketplaces and all that kind of stuff. So that part gets a little bit murky, and it would be interesting to hear some more from lawyers in particular about that part of the regulation. So it's not a be-all-end-all rule, it's not fixing everything.

I'm curious to hear, Jason, if you feel the same way when it comes to apps. With health apps in particular, I'm happy to let the health app write data to my phone, because of Apple's Health app, which collects all of that information. I'm happy to let it write to that, but I'm not big on letting it read any of that information, meaning that it can access other things within my Health app and suck that up and send it to the cloud. So oftentimes what I will do is only give it write permissions, not read permissions, and if it's read permissions, it is for very specific apps that are for, for example, health tracking. I don't let it have access to some of the more... I don't mind if it has my calorie burn for the day and my steps for the day, but I'm not also going to give it access to heart monitoring information, so the more private, more detailed, in-depth information. So I'm curious about your side of things. There's one other mention that I'll make that I completely forgot. Ember mug is a great example of this. Love my Ember mug, fantastic, it keeps my coffee or whatever warm drink I have warm throughout all time. But on iOS you can let it write and read health information so that you can track your caffeine intake. I am not interested in a smart mug company having my caffeine consumption, and so I have that feature turned off. But an app that uses my Apple Watch, a well-established app that uses my Apple Watch to provide me more insight on my heart rate and that kind of thing, I give that app permission to write and read very specific things. So it kind of depends on the app and whether I think that they are going to be using it for the purposes that I expect, or if they're going to be making more money on that.

First I guess I'll ask, Jason, does Google have one app that collects a bunch of health information that you can go to? Like Apple Watch has this one app called Health... not Apple Watch, but Apple in general on iOS has one app where I can go in and not only log but see all of the apps' information that is logged: my nutrient intake, so if I use an app for meal tracking it will tell me then how much calcium I've had in a day, how much fiber I've had today, how much fat, etc. That app also has information for my steps, it has information for my heart rate, it has information for my doctor's records. All of that is in this one app, and then through the API third-party apps can write to the Health app and read from the Health app. Is there something like that on Google? And then my second question for you is, how "fast and loose" do you play with the health information on your device and with apps that use that stuff?

Yeah, Google has Google Fit, their app that collects a lot of this information. It's fine, it's not as all-encompassing as some other apps. Like Samsung's Health app does actually track some things that Google Fit doesn't, and you can set them up so that they talk to each other, and there's plenty of third-party apps that act as a conduit between that and Fitbit information, although Fitbit's now in Google, but before it was kind of setting it up so that some of these pieces of information could pass between them. So it is possible for these apps to talk to each other. It's also something that Android has been doing in the last couple of years, where they've been controlling a little more how easily data is shared from one app experience to another and siloing them from a file access slash data perspective. So you have to be, as a user, a little bit more intentional if you want to say yes, this app can have access to this health information that's over here. So that's good, it puts the control at least in the consumer's hands. Whether the consumer understands that control, that's a different story. I just don't really do a whole lot of fitness stuff with my phone to begin with. I feel like we've talked about this to some degree maybe a couple of weeks ago when I was showing off the Galaxy Watch 4 Classic that I've been wearing. It does a lot of activity tracking and everything, but I don't really do anything with that information. It's nice that it does it, but I really am not the kind of person that's really tracking all of this information, so it's not really top of mind to me. If that information is in the app, that's fine. I should probably be a little bit more cognizant of what's happening to that information, but a part of me kind of has a trust of Google. If I'm throwing this stuff into Google Fit, I'm like, okay, well, maybe I shouldn't trust Google on that, but I just kind of tend to be like, it's going into Google Fit, I'm not really doing anything with it, it's just kind of par for the course. But I do think that having the ability to control that for people who really do care about this stuff is essential, and I think that Google does a pretty good job with that, to my understanding. I'm sure someone else might disagree with that though.

Oh yeah, I mean everybody kind of falls along different lines when it comes to this thing, and privacy considerations in general. But ultimately, I think, if all this rule says is that hey, if you suffer a breach of someone's data you have to let them know, yeah, that's a really good rule. That's a pretty good basic line of thought there for a business: hey, if something bad happened and it has to do with somebody else's data, and especially private data that can be really revealing like health data, all data of course but that especially, then yeah, that's a pretty good foundation to build upon. I definitely applaud the FTC for making that stance. I think that's good for consumers ultimately, and that's what it's all about. Yeah.