Get More from the Cloud: Health Apps.

Health apps allow for extensive recording, sometimes without the user's knowledge. These recordings can aid investigations.

With over 350,000 health apps available in major app stores, tracking fitness activity and logging health data has never been easier.

According to a Pew Research Center study, 62% of smartphone users have used their devices to gather health-related information, while only 57% of users have utilized their devices for online banking and 42% for job searching.

In 2020, over 87 million people in the U.S. used a health or fitness app, while over 60% of Chinese and Indian mobile device users also use health apps.

Data Collected by Health Apps

Many more mobile device users have pre-installed health apps like Apple Health or Samsung Health, which collect data without the user's knowledge.

If a mobile user owns a fitness watch or bracelet, the data will be synchronized with health apps and allow for extensive activity reporting. The devices are often recording the data autonomously, without user intervention.

This provides investigators with valuable evidence.

Health Data Helping Solve Crimes

Oftentimes, data from fitness trackers and fitness apps provide authorities and digital forensic investigators with valid evidence, in turn, helping solve crimes.

Extracted health data has the potential to determine whether the suspect is lying or a crime scene was staged.

Health App Forensics

Health Apps Supported in Oxygen Forensic® Cloud Extractor

Over 100 cloud services are supported in Oxygen Forensic® Cloud Extractor, making Oxygen Forensics an industry leader when it comes to cloud forensics.

Six Health & Fitness cloud services are supported in Oxygen Forensic® Cloud Extractor.

To filter the list of all available cloud services by Health apps, click on the heart icon below the list of all supported cloud services.

Credentials from every service can be entered manually or imported from an extraction’s Accounts and passwords page in Oxygen Forensic® Detective.

The investigator can manually uncheck the cloud services of no interest. Click “Next” to review the full list of services and fill in credentials to extract data from missing cloud services. Click “Next” once again and wait until the verification completes.

As soon as the verification has been completed, the data will be extracted.

 

Apple Health

Apple Health is the health informatics mobile app included with iPhones and iPod Touch devices that run iOS 8 or later, and with the Apple Watch starting with watchOS 1. It gathers health data from the iPhone and Apple Watch. All this data is synchronized with the cloud.

What do I need to extract data?

Apple login credentials are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually.

Authorizing via token is also supported. However, please note that every token has a limited lifespan and might not be valid after some time. If the 2FA is on, investigators can pass it by entering a code sent to a trusted device or generated on it.

Investigators can also log in via OxyAgent installed on the device in order to bypass the 2FA.

What will be extracted?

  • General account information
  • Data sources
  • Connected devices
  • Activity
  • Nutrition
  • Mindfulness
  • Sleep
  • Body measurements
  • Heart data
  • Reproductive health
  • Clinical documents (blood glucose, alcohol consumption, VO2 max, etc.)
  • General information
  • Workouts overview

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Samsung Health

This application is installed by default on Samsung smartphones but is not limited to them, as it is available to Android and Apple users.

Samsung Health is a free application developed by Samsung that tracks various aspects of daily life contributing to well-being, such as physical activity, diet, and sleep. More data is recorded automatically when the app is paired with a Galaxy Watch.

What do I need to extract data?

User credentials or a token are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually. If the 2FA is on, investigators will be asked to pass it in order to access the data.

What will be extracted?

Once the credentials or token is verified, the following data can be extracted from the cloud:

  • User account information
  • List of data sources
  • List of workouts
  • Workouts geodata
  • Pictures of workouts
  • Nutrition
  • Meals with photos
  • Water consumption
  • Caffeine consumption
  • Health information
  • Sleep
  • Steps
  • Pulse
  • VO2 max
  • Stress level
  • Glucose and insulin
  • Blood pressure
  • Body measurements

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Google Fit

Google Fit is a health-tracking platform developed by Google for the Android operating system, Wear OS and Apple iOS. It is a single set of APIs that blends data from multiple apps and devices.

What do I need to extract data?

User credentials or a token are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually. If the 2FA is on, investigators will be asked to pass it in order to access the data.

What will be extracted?

Once logged in to the cloud, the following can be extracted:

  • User account information
  • Devices
  • Sessions
  • Health information
  • Steps
  • Blood pressure
  • Heartbeat
  • Body measurements
  • Nutrition
  • Activity log

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Fitbit

The Fitbit app is designed mostly for users of Fitbit wearables. When used without a wearable, it automatically tracks the number of steps, distance, and the calories burned. All other data, including workouts, weight, and nutrition must be manually logged. The app also provides its users access to Fitbit Community, thus being a fitness social network as well.

What do I need to extract data?

User credentials or a token are required for successful data extraction. Investigators can either import them from an existing extraction or enter them manually. There is no 2FA.

What will be extracted?

Once the credentials or token is verified, the following data can be extracted from the cloud:

  • User account information
  • List of connected devices
  • List of friends
  • Workouts
  • Workouts geodata
  • Health information
  • Sleep
  • Steps
  • Floors
  • Pulse
  • Incoming messages from other Fitbit users
  • Community data
  • Last 50 notifications
  • Groups
  • User’s posts
  • Comments to user’s posts

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Mi Fit

Mi Fit is an app that pairs with the fitness trackers from the Xiaomi Mi Band series. Mi Fit can track exercises as well as analyze sleep and activity data, displaying calories burned, steps walked, and heart rate.

The app has over 100 million installs on Google Play and is included in the top 10 most used health and fitness apps in France and Germany.

What do I need to extract data?

Investigators can get authorization in Mi Fit cloud with the user’s Mi Fit, Google, Facebook, or Mi account credentials.

Another way to authorize is to use a token from an iOS or Android device, or the one that was generated when logging in with their credentials. Proxy extraction is supported for Mi Fit cloud.

It is possible to import the Mi Fit credentials or a token from the Accounts and Passwords section of an examined device that has been used to log into Mi Fit. When authorizing by token, note that the token is only valid till a new authorization in Mi Fit occurs.

What will be extracted?  

Once authorized in the cloud, Oxygen Forensic® Cloud Extractor proceeds to acquire data from it. The process may take some time, depending on the volume of available data.

Investigators can get access to the following information from the Mi Fit cloud:

  • Data about the account owner
  • Linked and family accounts
  • Contacts
  • Goals
  • Alarms
  • Reminders
  • Connected devices
  • Behavior tags
  • Menstrual cycles
  • Body measurements
  • Chats
  • Workouts
  • Mi Fit Band Data

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Runkeeper

Runkeeper is a GPS fitness-tracking app launched in 2008, and used by over 50 million people worldwide. Runkeeper tracks fitness activities such as walking, running, and cycling using the device’s GPS sensor.

Users can set goals for themselves, track their progress, review the routes they have taken, and see key data about their activity, like distance, speed, calories burnt, and the time it took to complete the workout.

What do I need to extract data?

To get access to the cloud, investigators need one of the following:

  • Username and password
  • Username and Google password
  • Token formed by authorization via username and password
  • Token from an iOS device
  • Token from an Android device

Please note that credentials and tokens may be imported into Oxygen Forensic® Cloud Extractor from the “Accounts and passwords” sections of an analyzed device that was previously used to access the Runkeeper app.

What will be extracted?

As soon as credentials are checked and verified, the data extraction process begins. When it is completed, the data that was extracted from the cloud can be reviewed from Oxygen Forensic® Detective.

With our solution, investigators can get access to the following information:

  • General account information
  • Runkeeper challenges
  • Contacts
  • User’s shoes
  • Events
  • Routes
  • Workouts

Please note that the set of extracted data may differ depending on the data present in the cloud.

 

Huawei Health

Huawei Health is a pre-installed app available on Huawei devices that tracks the user’s movement and activity, maps routes, monitors heartbeat, and records sleep data. It is used by over 400 million people globally.

What do I need to extract data?

To get access to the cloud, investigators need one of the following:

  • User’s login and password
  • Token that was extracted from the device
  • User’s telephone number and code sent via SMS
  • QR code

What will be extracted?

As soon as credentials are checked and verified, the data extraction process begins. When it is completed, the data that was extracted from the cloud can be reviewed from Oxygen Forensic® Detective.

With our solution, investigators can get access to the following information:

  • Information about the account owner
  • List of data sources
  • Information about workouts
  • Medical data, including information about blood pressure, pulse, weight, sleep, temperature, fluid intake, and menstrual cycle
  • Routes

Please note that the set of extracted data may differ depending on the data present in the cloud.

Get more from Oxygen Forensic® Detective

At Oxygen Forensics, our software is updated multiple times every year. We offer training courses and webinars that can help you learn the ins and outs of Oxygen Forensic® Detective and stay up to date on new features and tools needed for your investigation. Returning customer? Sign up for our newsletter to stay in the loop.
