HealthStats

Description


HealthStats provides in depth look at all the data from the health data you collect with your iPhone or Apple Watch.

It will let you analyse steps, heart rate, weight over time or on a specific days. It will also allow you to review and analyse recorded workouts.

The app is for data geeks that want full access and views on the numbers and statistics.

This app is now open source on GitHub as part of the ConnectStats project, feel free to review the code, give feedback or contribute.

Features

  • Calendar View of your days and workouts
  • Compare your month to month distance in cumulative plots
  • Monthly/Weekly summary statistics of your days and workouts
  • Monthly/Weekly historical report and graphs of your recorded data
  • Scatter plots and trend for both historical or workout data
  • Best Rolling Plots, histograms for workouts
  • Support multiple source, for example data collected by your phone or your watch
  • Calculated laps for your workouts: find your fastest kilometer, or split time, etc
  • Display time in zone for heart rate or pace in your work outs
  • Slice your statistics by workout types: running, biking, etc

Quick Guide

  • When you first start the program, you will need to authorize the app to access your health data and choose the source for your data
  • Data will be refreshed as you pull down the activity list on the first tab or overtime you start the app
  • The Day Detail tab provide a view on a given day or work out
  • The stats tab provide historical report and graphs, tap on the different buttons on the navigation bar or on graph and numbers in the tables to explore further analysis
  • The calendar view provide summary views on the month, explore it by tapping the different configuration buttons

Notes

  • All the data is analysed locally on your phone, no data will be sent anywhere.

Recent Posts

Data Privacy in ConnectStats

I recently saw a negative review on the App Store for ConnectStats warning users that ConnectStats is not a Garmin app and therefore people should avoid giving away login information in the app as the data may get stolen.

Keeping data secure both on your phone or online has been a key guiding principle in how I tried to implement the app. So while I understand the concern, I felt it was a bit unfair.

I have been careful to make sure the data isn’t shared and the passwords are never sent to me. I also made the app open source so that people can check for themselves what it is doing.

I felt it may be worth to write a bit of details on what is ConnectStats doing with your data and password, with link to the code. So people can either let me know if I miss something or feel better about using the app.

Your login information

Garmin Website service

The app can connect directly to the Garmin website to retrieve information. In order to do that it needs to have access and store your username and password. To do that it stores the password in the keychain of your phone and never locally in a way someone looking at the files saved from connectstats could retrieve. It then relies on the iPhone keychain mechanism which Apple can ensure is secure. The key file to look at to see how it’s done is GCAppPasswordManager.

Strava and Withings services

For the Strava and Withings service, the authentication process uses the OAuth 2.0 so the password is never even seen by ConnectStats. The library I use to manage the OAuth 2.0 is provided by Google , and you can see in the file used by connectstats how the tokens are retrieved from the keychain in this file for Strava for example via this call:

ConnectStats service

ConnectStats also maintains a service that can receive the fit file from the new Garmin Health API. In that case the the authentication is done via OAuth 1.0a. So the passwords are never seen by ConnectStats or its web server, but only tokens are exchanged with Garmin. These tokens are then saved into the keychain of your phone as well as on the database in the server. Note that the server is open sourced as well. While the server is open sourced, the configuration files containing the database passwords and other secret keys are only saved on the server and not in the code. The website is hosted on Godaddy, a reputable company, and I rely on their security to make sure the access to the website is secured.

Your Activities Data

On the phone

Your activity data is kept on the phone and stored locally. So it will be as secure as you keep your phone. You can also see that if you try to run the app in airplane mode all the browsing of statistics and downloaded data will work. Of course you need a connection to download new data…

On connectstats server

With the new Garmin Health API service, ConnectStats needs to maintain a database in a server containing your activities. This is the case if you choose in the app Garmin as a service and source to be All or ConnectStats. If you choose Garmin WebSite only then the data will be accessed directly from the Garmin servers. Note that this is not the officially supported method from Garmin, can and has been subject to outage in the past due to undocumented changes to their website.

If the data is stored on the ConnectStats server, the access to that data is done via an OAuth 1.0 process. Both the app and the server keep a secret token, and use that to do the authentication. The tokens are provided by Garmin, so in order to access your data you will need to do a successful login on the Garmin service and obtain the token this way.

ConnectStats does not maintain any types of user name or its own passwords/user system, which means the data stored on the server can not be traced back to you. Everything is linked and identified by the sha1 hash tokens obtained by Garmin, which look something like this aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d.

The only person with access to the database with your data is myself, and no one else helps me or has access to the login information. If that ever changes, I’ll make sure to talk about it in this blog.

Note that if you use the source for Garmin data to be both the website AND connectstats service (what I recommend), you will need to enter your login details in the app (as in the Garmin website section), but that data will stay on your phone in your keychain. It will never be uploaded to the connectstats server. So on the server it will still be impossible to link the data saved in the database to your Garmin user account, email or username as well.

Bug Reports

When you send a bug report, this will send the log information, which will look something like the below. This is mostly information that helps me see what has happened and try to understand the problems. You can see in the code everything that is logged by looking for calls to the function RZLog. No sensitive information, like password is logged.

You can choose before sending a bug report to include activities. If this is selected in addition the log above, the internal database of activities saved on your phone is sent as well. This contains all the high level data (distance, heart rate, timings, etc) that allows reconstruction of the statistics page. In addition it will include all the details of the currently selected activity in the detail page (only one full detailed activity). These details contains all the gps points.

Because when you send a bug report, I ask for an email address so I can reply to you, in this case that data could be traced back to an individual with that email. But as mentioned before, I am the only one that receive that email or have access to the files where they are saved on my server. This by the way is the same server hosted by GoDaddy where I have host all the data for ConnectStats.

Conclusion

I hope this will relieve any concerns any one could have about privacy of their data in ConnectStats.

Happy to answer any more questions, and of course if anyone finds holes or gap in how I implemented ConnectStats, feel free to reach out either by comment below or via email or GitHub issue.

  1. ConnectStats Winter Sports Edition Leave a reply
  2. A few app updates 3 Replies
  3. Learning from Services Woes 1 Reply
  4. Getting the weather for an activity in ConnectStats Leave a reply
  5. New services and Withings working again 4 Replies
  6. New Service not working well 5 Replies
  7. Dark Mode and New Service 1 Reply
  8. Preview of dark mode for iOS 13 Leave a reply
  9. New Garmin Service Integration 4 Replies