Most fitness apps know far more about you than your step count. They know where you walked, when you left home, which routes you repeat, and often they share that information with parties you have never heard of. MistyWay was built on a different premise: a pedometer does not need your location to count steps, so we never ask for it.
What Fitness Apps Know About You
A 2024 study by Surfshark analyzed data collection practices of leading fitness apps and found that Fitbit collects up to 24 distinct data types. Only 5 of those are functionally necessary. The remaining 19 exist to build advertising profiles or feed third-party data brokers.
The same research found that 80% of top fitness apps share user data with third parties. Location history combined with routine and pace is surprisingly re-identifiable — even when labelled “anonymized.”
Surfshark fitness apps privacy study, 2024. Industry report.
For a broader look at how health platforms handle data, see our guide to connecting fitness devices to health platforms.
When Location Data Goes Wrong
In January 2018, analysts identified that Strava's global activity heatmap had exposed patrol routes and layouts of US military bases in Syria, Iraq, and Afghanistan. Soldiers using Strava on deployment had their GPS tracks folded into the public heatmap. Base perimeters, entry points, and patrol corridors became visible to anyone who knew where to look.
In 2024, Le Monde reported on #StravaLeaks: Strava activity data exposed the regular running routes of French President Macron's security detail near official residences.
In July 2018, Bellingcat and the Washington Post reported that Polar Flow had exposed home addresses and identities of approximately 6,500 users at 200+ sensitive sites worldwide — including intelligence agencies and military installations.
In February 2018, MyFitnessPal disclosed that 150 million user accounts had been compromised. Usernames, emails, and hashed passwords were exposed.
Reported by CNN, The Guardian, Le Monde, Bellingcat, Washington Post.
These are predictable consequences of collecting location data at scale. The simplest way to prevent location data from being exposed is to never collect it.
How Step Counting Works Without GPS
Step detection relies entirely on the accelerometer built into every modern smartphone — a sensor that measures changes in acceleration, not position. When you walk, each step produces a characteristic cycle of acceleration and deceleration. The algorithm identifies peaks in this waveform and counts them.
The process works whether you are on a treadmill, in a mall, or outdoors. No satellite signal is involved. No coordinate is generated. The phone never needs to know where it is to know that a step occurred.
GPS adds route and distance data useful for runners and cyclists. For step counting, it adds nothing functional — only risk. For context, see our comparison of free pedometer apps with no ads.
What MistyWay Collects
- No GPS permission is requested — ever
- No location data is generated, collected, or stored
- No advertising IDs or ad network SDKs
- Step data is never sold or shared with third parties
- One-tap account deletion removes all associated data
- Full GDPR compliance, including right to erasure
The privacy policy is written in plain language. We store your step count to power in-app progress. We do not build profiles, run ad targeting, or have a data broker relationship. The permissions MistyWay requests are visible before installation in both the App Store and Google Play.
Why This Matters
Under GDPR, step count is classified as health data — a special category requiring heightened legal protection. Activity data, combined with other signals, can reveal medical conditions, disabilities, and daily behavioral rhythms.
Apple's App Tracking Transparency shows users agree: the average opt-in rate is approximately 35% as of 2025. Roughly two-thirds of iOS users actively decline tracking when given a clear choice.
Apple ATT opt-in data, Business of Apps, 2025. Industry data.
MistyWay's approach is a technical and ethical choice at the architecture level: do not collect data you do not need, do not store data you cannot protect, and do not build systems that create risks for users — even when those risks are unintended.
If you are evaluating walking apps and want to compare privacy practices, our guide to choosing the best walking app covers the options.