
The Electronic Frontier Foundation (EFF) says Apple is the only major wearable manufacturer among ten leading brands it examined that offers end-to-end encryption for users' cloud-synchronized health data.
The privacy group's review also found that transparency around government data requests remains uncommon across the wearable industry, with only Apple and Google publishing transparency reports.
EFF’s Thorin Klosowski reviewed the public privacy policies of ten major wearable manufacturers and contacted each company to verify the findings. The assessment covered Amazfit, Apple, Coros, Garmin, Google (including Fitbit), Hume, Oura, Polar, Suunto, and Whoop. Klosowski noted that his assessment is based on published policies and company responses rather than a technical security audit.
The Electronic Frontier Foundation is a nonprofit digital rights organization that advocates for stronger privacy protections and regularly evaluates technology companies' security and data-handling practices.
According to EFF, wearable devices have become mainstream, with surveys suggesting roughly 40% of Americans own a smartwatch, fitness tracker, smart ring, or similar device. These products collect sensitive information such as heart rate, sleep patterns, activity levels, GPS location, and other biometric data, yet the information they generate generally lacks the legal privacy protections afforded to medical records.
Apple stands alone on end-to-end encryption
EFF's primary finding is that Apple is the only company in the group that provides end-to-end encryption for health data stored in Apple's Health app. Because only a user's trusted devices can decrypt the information, Apple itself cannot access the stored records.
The protection applies only to data stored in Apple Health. Information shared with third-party apps or synchronized with other wearable platforms, such as Strava or Oura, is not necessarily covered.
The remaining vendors primarily use encryption in transit and at rest. While these measures protect data from external attackers, they do not prevent the provider from accessing information stored on its servers. EFF argues that this leaves the data available for internal processing and disclosure in response to lawful government requests.
While acknowledging that end-to-end encryption can limit some cloud-based and AI-powered features, EFF says wearable makers should at least give users the option to choose stronger privacy protections through end-to-end encryption or local-only storage.
Transparency reports remain uncommon
The report also found limited transparency around government data requests.
Only Apple and Google currently publish transparency reports. Apple, Google, and Whoop publicly state they will notify users of government requests whenever legally permitted.
Oura joined that group after updating its privacy policy in June 2026 to include user notifications and told EFF it is evaluating the publication of a transparency report. Suunto said it is also considering issuing one in the future. The remaining vendors either do not publicly describe their notification practices or did not respond to EFF's inquiries.







Leave a Reply