Wearable devices, such as wearable activity trackers (WATs), are increasing in popularity. Although they can help improve a person’s quality of life, they also raise serious privacy issues. Although security aspects of WATs have been widely studied (e.g., Bluetooth security, inference of password or biometrics), as well as privacy-related aspects such as users’ attitudes and concerns, we lack knowledge about the privacy of WAT users. Indeed, the security aspects that were studied in prior work are not enough to build a realistic adversary model, as these studies focus mostly on communication protocols and not on large- scale data collection. Furthermore, previous work related to data inference by using WATs focuses on only functionalities rather than on privacy (e.g., better monitoring of activity or health to improve user experience). Moreover, these studies focus only on the inference of behavioral patterns (e.g., activi- ties, consumption) or conditions (e.g., diseases), but none of them investigate the inference of users’ personal attributes (e.g., personality, religion, political views).
In this thesis, composed of three research papers and a literature review, we contribute to the WAT security & privacy research field by analyzing how the data of WAT users can be accessed at a large scale by many potential adversaries, by evaluating how such data can be used to infer users’ personal attributes and, finally, by proposing privacy enhancing technologies (PETs) to protect their privacy. Concretely, after analyzing the current literature about WAT security & privacy, we conduct a user-survey study to better under- stand the WAT user’s behaviors towards data sharing, especially with respect to third-party applications (TPAs) that can easily be used by adversaries to collect data. We then use a rigorous machine-learning approach to evaluate to what extent users’ psychological profiles (Big 5) can be inferred from WAT data, and we discuss the related consequences on the users’ privacy and society as a whole. Finally, to propose effective and likely-to-be-adopted protection mechanisms, we conduct a user-centered design study by using a participatory design methodology before analyzing and evaluating the proposed designs in order.