Like a few others here, I've been wanting a fitness tracker watch and have been struggling to find a robust privacy-friendly solution. After doing a lot of research, I figured I'd share my findings in case it helped anyone else.

Here are solutions I've found at the end of 2023, in rough order of my opinion of most privacy friendly to least:

  • Bangle.js v2
  • PineTime
  • AsteroidOS via supported devices (defunct? I.e. security concern)
  • Withings
  • Garmin (Gadgetbridge support possible but immature)
  • Amazfit (mature Gadgetbridge support but requires secret key from official app after initial setup)
  • Coros (basic offline support via app after initial setup)
  • Polar
  • Apple
  • Google / Fitbit
  • Samsung Galaxy

There are other brands but I'm not sure where they fit, and I'm not totally sure where Polar should sit after their move from driving revenue from hardware to algorithms.

I started with an older Samsung Galaxy watch after buying it on a heavy discount, which I tried to set up via the SMH mod from XDA forums to unlock ECG and blood pressure. Using that mod ended up requiring setting the watch up through the official app (there's otherwise a way to set up standalone), and that app is very finicky, often requiring using Samsung Health. I would have had to set up Google Play, use the owner profile, and use a phone number for 2FA. I almost couldn't even use SimpleLogin (the more common domains were blocked with an explicit message and I had to use a lesser domain as a loophole), and it wanted access to phone records and contacts, nearby devices and location, and probably other things. I created a secondary isolated profile, had an alt phone number ready, saw the popup about an owner profile, and knowing the permissions mentioned would soon follow, threw in the towel and returned it.

I wanted to get a Garmin next, but am priced out of the feature set I want and ended up with a Coros, which has a similar privacy policy to Garmin. While I still don't trust them very much, thankfully the app doesn't even need Google Play, account creation is email-only and doesn't even ask for a personal name, and works in a basic way even without internet. The wording of the app said it needed location access for setup, but actually worked fine with only nearby devices. The main drawback is the need to update satellite data on the watch. I'm not sure if this will be as friendly for Gadgetbridge, but I want to at least try adding support for it. If it did end up working with Gadgetbridge, it'd be friendlier than Garmin, since Garmin Connect requires internet. So I have it set up in its own profile while I get Rethink set up on my phone, and I'll be digging into the Coros app's network connections.

The Amazfit Balance, which just came out, finally seems like a contender for a solution due to giving an Amazfit watch accurate sensors for the first time. But its Gadgetbridge support would depend on whether or not Zepp introduced a 4th protocol update.

    • [deleted]

    Interesting to know there exists an app that can interact with watches without uploading fitness data to OEM servers

      • [deleted]

      I haven't looked at the others, but Withings is not private by any means. Last time I looked at their smart scales, they required you to use a Withings account and sync all your data to their servers. There’s no mention of end-to-end encryption, only GDPR compliance. I would rate them at the bottom, certainly well below Apple which E2E encrypts health data and you can choose not to sync it if you want. Not that Apple Watch even works with GrapheneOS.

        [deleted] Thank you, I appreciate the correction! I admit not knowing much about them, just going by a little hearsay. Moving down

        [deleted] There's an annoying popup with the newest version, but it was still functional based on an initial test. I'll update if something changes.

        Updating satellite data is something I'm not sure how to do without network permissions so I'm definitely motivated to find an alternative to using the official app with internet.

        Although I do appreciate that my experience with Coros so far has been far different than Samsung, which felt actively hostile to my privacy (glad I didn't give them any data in the end).

        OK I dug through the Coros app more thoroughly. There seem to be two kinds of information. The first is sensor data and simpler calculated data like sleep and steps, which are local and not presented as a built-in webview and work fine. This even includes activity data like runs, etc. I logged my first activity recently and was able to pull up a 2D route of it with all the details, but a blank map background. I was able to export the data in fit, gpx, etc. formats as well.

        The second is recovery and training load type views which don't load, maybe because those algorithms are more dynamically updated? Or they at least want more control over the data.

        Anyway, with activities viewable and exportable offline, I'm pretty pleased with the amount of functionality I have offline given how pathetic the state of smartwatches is overall when it comes to privacy.

        sonicbackdrop https://www.withings.com/es/es/data-security

        "Encryption of stored data

        Withings uses low-level disk encryption. The encryption will have a robustness of at least AES-256 or equivalent.

        Communication encryption

        On public networks, all communications with Withings user interfaces and APIs are encrypted using the HTTPS / TLS standard (TLS 1.2 or higher). This ensures that all traffic between the client and Withings is secured in transit."

        Withings stores the data encrypted.

        But Withings watches do not have built-in GPS, they need to be connected to the phone to use the phone's GPS.

        Withings focuses on manufacturing products with an excellent design and an excellent user interface. It also has the advantage over other brands such as Coros or Amazfit that Withings has an ecosystem of watches, scales, urine analyzers, blood pressure monitors and thermometers, that is, there are Keep in mind that it is a brand that does not seek value for money and that to unlock some functions of its application you have to pay (Withings +).

        sonicbackdrop I don't know if it has better privacy/security than Garmin or Polar, but it is infinitely superior to Amazfit or other Chinese brands if used with their official applications.

        It must be remembered that Withings is a French brand and complies with all European data protection regulations and does not sell or share health data with third parties without your consent.

        The only bad point about the Withings app is that they force you to register with an email to be able to use it. They also block several email providers such as Guerrilla Mail; I don't know if ProtonMail or Tutanota would be accepted.

        Although other watches with built-in GPS can be used offline, it must be taken into account that they will need to be updated (which requires the Internet) so that they can detect GPS signals.

          hdishs I see. Thanks for your additions. I thought I heard they encrypted data and didn't sell it (like Garmin and Coros). Good to have confirmation.

          Yes, anything Zepp using the official app online would be pretty bad IMO. But I think it's a possible solution specifically due to mature Gadgetbridge support. Assuming I understand the key management correctly, once you set up you can disable the app and you'd keep the key active as long as you stay paired. And at least as of last year, it seems you can use the Zepp app offline to some degree as well. Gadgetbridge does allow for updating firmware.

          Amazfit Balance does work, but Gadgetbridge lacks some features for Zepp OS 3 devices; most importantly, there is no upload of AGPS (satellite data) nor GPX files (routes/activity info).

          Another reason to avoid Amazfit is they have a history of not supporting their devices very well, they tend to just keep releasing new ones instead, though that's improving. From my research, Coros is basically the opposite, with Garmin more in the middle.

            • [deleted]

            • Edited

            sonicbackdrop only to confirm: the device ID stays unchanged while the device is added to your Zepp account, even if you change the active device, reset the phone, re-pair from BT, etc.

              [deleted] Got it, thank you, I misread pairing with the official app as phone Bluetooth pairing. So just don't remove from the official app nor hard reset the device.

              I wish I could edit my older posts to correct them.

              • [deleted]

              I'm using "Gadgetbridge" in conjunction with an Amazfit GTR4 instead of using the Zepp app.
              "Gadgetbridge" doesn't require an Internet connection.
              For exercise recording I'm using "OpenTracks", which may be activated automatically from the "Watch" -> "Gadgetbridge".
              "OpenTracks" also doesn't require Internet.
              Finally, I'm using "OSM Dashboard (offline)" to view the GPS records of the exercises.
              I think this option is pretty private.

                5 days later

                [deleted] Nice, that sounds like a good setup.

                I've logged quite a few activities in the Coros app since I removed network permissions and the app still works well in tracking everything. It basically works like OpenTracks, although unfortunately the aggregated data views don't work because they seem to be web-based.

                The watch tracks Training Load (as in how much training weight you're "carrying") along with Recovery, I wish I could see that in the app.

                The main thing I wish I had at this point is a few more intelligent sports coach-type features like that. It's my understanding OpenTracks intentionally doesn't have this (for ex calorie calculations were removed).

                I had a Polar watch for a while after looking into something like a PineTime with Gadgetbridge... but I wanted a consumer-ready device rather than a development tool.
                With Polar, you have to use their app and through it, create an account on their website. At that point, any firmware update is downloaded (maybe also applied automatically, I can't remember). Your training sessions (with or without GPS) are recorded along with sleep data. Some of this is visible on the watch itself but it's limited. To get more information out of it, you need to sync with the app. I had the app installed in a second profile, and I would disable internet when switching profiles.
                Their app provided much more information about your sleep and perhaps a little more about the training sessions, though not much more. So my data never got uploaded but there were some downsides.
                Firstly, sometimes the sleep tracking would just be wrong, like claiming I fell asleep at 7pm or whatever. Within the app, there's an option to modify/edit the start/stop times but for this it needs to connect to the website. So I never got to try it.
                Secondly, you can't get a GPX track of your training session unless you use the web-app.
                Thirdly, I ended up with a fault with the watch and the only advice from customer support was to do a factory reset and update the firmware. If the data existed on their server, then everything would have been preserved, but in my case, I didn't want that to happen, so had to reset the watch and then re-install the app to delete all my data, then I could update the firmware by connecting to the internet.
                So as a watch for the privacy conscious, it's not ideal. I'd love for there to be a good watch that could just share the data in a common format with 3rd party apps. Of course, this isn't how they make their money though.

                5 months later

                [deleted]

                Try FitoTrack; it has a better interface, more insights and, most importantly, it can use my GTR watch as a heart monitor in real time.
                The only thing I still can't find is how to trigger the workout using the watch like with OpenTracks (I believe I came across the option to change it in Gadgetbridge but I forgot where).