Fitbit Aria

Fitbit, as one of the more popular providers of mHealth solutions, has already been investigated by prior research. As part of this analysis we retested the Fitbit Aria for the issues detected by that prior research, and in addition we applied our own test framework. Overall the Fitbit solution is of a good standard, meaning it largely respects the user's privacy and security. However, the solution can be improved further.

sensor:            Aria
mobile app:        com.fitbit.FitbitMobile
app release date:  Jul, 2016
app install base:  10k
app version:       2.29
firmware version:  v39


Prior research, especially on the scale's protocol, exploited the fact that data transmitted from the scale to the server was transferred over unencrypted channels. More information on these issues is referenced in Martin's master thesis.

  • unencrypted data transmission: data exchanged between your bathroom scale and the web servers is not properly encrypted, so make sure your wifi network is protected!
  • wifi credentials are transferred to your scale in clear text during the pairing process: make sure you are the only person within reach of the scale's network!
  • data is transmitted to a US server (as the app indicates): understand that your data is therefore subject to US jurisdiction rather than to the more privacy-preserving European laws