Health & Fitness Apps Privacy Overview

Introduction

At Apple, privacy is a fundamental human right. Users should have control over their personal and private data and visibility into how it's used. Apple designs products to protect this data and empower users with control over who they share it with.

Sharing data with third-party health and fitness applications can be valuable for well-being assessment. However, this information is often highly personal. Apple provides tools to help users understand, control, and protect how apps handle their private health data. This document outlines what to consider when downloading third-party health and fitness apps, the controls available for data sharing, and how to update settings.

Apple's products and services are guided by four key privacy principles:

• Data minimization: Using technologies to minimize personal data access by Apple or others.
• On-device processing: Processing data on the device whenever possible to protect privacy and reduce data collection.
• Transparency and control: Helping users understand data collection and make informed choices about sharing and usage.
• Security: Implementing security protections like end-to-end encryption as a foundation for privacy.

These principles, combined with built-in privacy protections across Apple's platforms, aim to ensure users can fully leverage Apple's privacy tools.

How to Understand Information Apps Might Collect

The App Store offers several ways to understand a health and fitness app's privacy practices before downloading:

Privacy Nutrition Labels

Introduced with iOS 14.3, Privacy Nutrition Labels provide an easy-to-understand snapshot of an app's privacy practices, as self-reported by the developer. On an app's product page, the "App Privacy" section details data types the app may collect (e.g., location, contact info, health info) and whether that data is linked to the user or used for tracking. It also explains how developers or third parties might use this data, such as for advertising or analytics.

[Visual Description: An illustration of an iPhone screen displaying the App Store product page for an app, highlighting the 'App Privacy' section with details on 'Data Used to Track You' and 'Data Linked to You', alongside a description of 'Privacy Nutrition Labels'.]

App Privacy Report

Available from iOS 15.2 and iPadOS 15.2, the App Privacy Report allows users to see how often apps access their data (location, camera, microphone), their network activity, and the domains apps contact. This report, alongside Privacy Nutrition Labels, offers a comprehensive view of how apps handle user data.

To access: Go to Settings > Privacy & Security > App Privacy Report, then choose to turn it on.

App Tracking Transparency (ATT)

Starting with iOS 14.5, iPadOS 14.5, and tvOS 14.5, apps must request permission before tracking user activity across other companies' apps and websites. Tracking involves linking data collected from one app with data from other sources for targeted advertising, advertising measurement, or sharing with data brokers.

When prompted, users can choose "Allow" or "Ask App Not to Track." This choice does not typically affect the app's core functionality. Users can manage these settings anytime in Settings > Privacy & Security > Tracking, or set a universal preference for all apps.

[Visual Description: An illustration of an iPhone screen showing an App Tracking Transparency prompt. The prompt asks, 'Allow "PalAbout" to track your activity across other companies' apps and websites?' with options 'Ask App Not to Track' and 'Allow'.]

Developers may provide explanations for tracking requests. If "Ask App Not to Track" is selected, the app cannot track users based on device details or other identifiers like email. Importantly, any app interacting with Apple Health data is prohibited from using Health data for tracking purposes.

How to Grant Permissions to Apps

Apple provides transparency and control over data sharing with apps. Apps may request access to various data types, including location, contacts, calendars, microphone, camera, photos, and Health app data. No app can access this data without explicit user permission, typically presented via a prompt with an explanation.

Users can always change permissions later in Settings > Privacy & Security.

Permissions to Access Your Data

For example, fitness apps may request location data. Apple offers control over location data collection and use. Users can choose between approximate location (an area of about 10 square miles) or precise location. By default, Location Services data is not shared and is disabled. Users can enable it during device setup and manage it anytime. Location access can be granted per app or turned off entirely.

Permissions to Access Your Apple Health App Data

Health data is sensitive. The Apple Health app offers fine-grained control over sharing this information with third-party health and fitness apps. Data in the Health app is encrypted and only shared upon explicit user permission for each data type. Apps must prompt users for access, and users must affirmatively allow it. Users control precisely which Health data types are shared. If access to a data type (e.g., blood pressure) is denied, the app cannot tell if permission was denied or if the data type is absent from the user's Health app, preventing inference of health status.

[Visual Description: An illustration of an iPhone screen from the Apple Health app. It displays a permission request from an app named 'Pal About' to access and update Health data. Options include 'Turn On All' and specific data types like 'Heart Rate' and 'Steps' with toggles to allow or deny access.]

Apps requesting Health, medical, or health research data must meet specific criteria and provide an explanation for their request. Information shared in this context is intended for health management or research purposes only, not for advertising, marketing, or sale to data brokers, and requires user permission.

How to Review and Revoke Permissions to Access Your Data

It is important to periodically review app permissions. This can be done by navigating to Settings > Privacy & Security. Users can review apps granted access to specific data types, such as Health data or Location Services. For each app, permissions can be turned off entirely or adjusted for individual data items.

The Safety Check feature, also found under Privacy & Security settings, allows users to quickly review, update, and stop sharing information with apps, offering individual changes or an Emergency Reset option.

Conclusion

Health and location data are among the most private on a device. Apple believes users should control their health data and have transparency regarding its collection and use. Data within Apple's Health app is encrypted and inaccessible when the device is locked. Third-party apps have varying policies, making it crucial to understand their data requests and privacy policies before use.

Users can check their App Privacy Report to see app data access frequency and review/revoke sharing permissions at any time. For more information on Apple's privacy commitment, visit apple.com/privacy.

Steps You Can Take to Protect Your Privacy

• Understand what apps might collect: Utilize tools like Privacy Nutrition Labels, App Privacy Report, and App Tracking Transparency to make informed decisions.
• Grant permissions that are right for you: Apps must request access, and you have the ability to choose what information to share.
• Review and revoke permissions: Periodically check and manage app access to your data; revocation is possible at any time.