"Revoked just now!" Users' Behaviors Toward Fitness-Data Sharing with Third-Party Applications

The number of users wearable activity trackers (WATs) has rapidly increased over the last decade. Although these devices enable their to monitor activities and health, they also raise new security privacy concerns, given sensitive data (e.g., steps, heart rate) collect information that can be inferred from this diseases). In addition sharing with service providers Fitbit), WAT share fitness third-party applications (TPAs) individuals. Understanding how whom what kind approaches take preserve are key assessing underlying risks further designing appropriate privacy-enhancing techniques. work, we perform, through a large-scale survey N=628 users, first quantitative qualitative analysis users' awareness, understanding, attitudes, behaviors toward fitness-data TPAs By asking draw thoughts, explore, in particular, practices actual mental models. Our empirical results show about half underestimate which have granted access data, 63% at least one TPA do not actively use (anymore). Furthermore, 29% revoke because forget gave it place, 8% were even aware could data. Finally, models, as well some answers, demonstrate substantial gaps understanding data-sharing process. Importantly, 67% respondents think cannot was collected before it, whereas actually this.