Cheap Apple, Fitbit and Samsung smartwatch lookalikes snooping on users

Apple Watches are fashionable, hi-tech, and expensive, with prices ranging from £250 to more than £800. There are plenty of cheap lookalikes online – but our latest investigation suggests you should think twice before buying one. 

We tested cheap smartwatches and fitness trackers sold online – including one formerly listed as an Amazon bestseller and from a brand endorsed by Amazon as 'Amazon's Choice' – and found worrying security flaws.

The products we tested all looked remarkably similar to popular (and much pricier) Apple, Fitbit and Samsung devices, with customers raving over the visual similarities in reviews, and one product being described outright as a 'Fitbit'.

Unlike the Apple, Fitbit and Samsung models we've tested, though, they all had security flaws. Problems our investigation uncovered included: 

  • excessive data collection
  • data not being stored securely
  • no way to opt out of data collection
  • none had a security lock function to stop thieves using them. 

And don't count on them to track your fitness properly either. 

Here's what you need to know about cheap online smartwatches.


Security flaws found in smartwatches bought online 


We asked cyber security consultants Modux to test 12 smartwatches and fitness trackers being sold on AliExpress, Amazon, eBay, Shein and Wish. 

The watches cost between £2.07 and £29.99 and were from brands including Aswee (whose smartwatches are still, at the time of writing, being recommended as Amazon's Choice), Briame, Cobrafly, Colmi, IWO and more.

What the testers found worried us. 

Excessive location tracking

Tracking your location isn't, in itself, a bad thing to do. Smartwatches and fitness trackers are, after all, designed to measure your progress against goals and help you stay connected and informed, and they'll sometimes need to know where you are to be able to do that. 

But to comply with General Data Protection Regulation (GDPR) laws, data should be collected for a clear purpose, such as to track your running route or help you navigate your journey. It shouldn't be hoovered up willy-nilly.

Eight of the watches tested track your precise coordinates, not your general whereabouts.  Supposedly, this precise tracking is all for weather reporting – even though they do it regardless of whether or not you’re using the weather app. 

The watches were (name as described on site):

  • Briame D20 Pro Smartwatch Y68 (£2.07, AliExpress)
  • Briame M6 (£2.20, AliExpress)
  • ID115 Plus Sports Fitness Tracker Watch Heart Rate Blood Pleasure Activity Monitor Fit-Bit (£2.89, eBay)
  • IWO 14 Pro Series 7 (£12.79, AliExpress)
  • For Fit-Bit Fitness Smart Watch Band Sport Activity Tracker Adult Kid Fitbit Step Counter (£12.98, eBay)
  • Cobrafly P8 (£15.31, AliExpress)
  • Chuyong 2022 New Women Bluetooth Call Smart Watch Heart Rate Blood Pressure Monitoring Smartwatches IP67 Waterproof Men Smartwatch + Box (available at time of purchase from AliExpress, £20.44)
  • Aswee PUO1 (£29.99, Amazon, pictured below)* 
Aswee PUO1 smartwatch

The IWO Pro Series 7 (£12.79 from AliExpress) was one of the worst offenders. It asked for precise location data more than 250 times in five minutes. Unless you have a personal rain cloud hovering over you, you don't need such accurate weather data.

If worn most of the time, as smartwatches and fitness trackers are designed to be, it could very quickly build up a detailed picture of where you live and work, and when you're typically at home or away from it.  Not data you want to hand over to an unknown entity.

Three other models (the Aswee PUO1, the Colmi P6 and the Lige New Smartwatch, £18.87 from AliExpress) require location permissions to be always-on, so you can't escape unless you take the watch off.

Two more watches from Shein and eBay ask for masses of unnecessary data. Both were unbranded, but the full names on site were:

  • Full Touch Screen Call Smart Watch Compatible with Bluetooth, £18.24 from Shein
  • Smart Watch Fitness Sport Activity Tracker Heart Rate Monitor For Cellphone, £7.67 from eBay

Both use the same 'HryFine' app. 

If you deny permission for the watches to collect ‘personally identifiable information and personal property information’,  including passport, transactions, bank balances, ID cards and military officer cards, then the app is unusable. 

ID cards and military cards aren't relevant to us in the UK, but you still need to ask yourself who wants this much highly personal data and why. 

The data policy says all this is for 'targeted advertising'. 

Data not being stored securely

IWO 14 Pro Series 7

The 'Szos' app, used by the IWO 14 bought on AliExpress (pictured above), stores all data on infrastructure controlled by the seller, instead of on the watch or phone. In other words, every time you want to view your own data, you may not realise it but you’re requesting it back from the seller. 

This matters because you have no way of knowing it's being stored securely, and you can't delete it. You have no control over whether the seller views it directly and sells it on - for marketing or for any other purpose. 

Lack of encryption

Neither the IWO nor the Aswee products encrypt your data when sending it to and from their back-end services. So, if a hacker intercepted your data, they’d be able to read it. 

Even if you’re careful never to connect to unsecured wi-fi, and use a virtual private network (VPN) instead, you have no control over other parts of the network through which your data is travelling. So it's still important for your data to be encrypted. 

None of the devices we tested asked for a PIN after being dormant for a long stretch either. So, if a thief got hold of one, they could use it, and they could access and modify any data stored on it, making these products (and your data) vulnerable if they get into the wrong hands.

Apple Watch reviews - see how the real deal compares to cheaper mainstream rivals in our tough smartwatch tests

Smartwatches and fitness trackers sold online missing CE or UKCA marks

It's not just poor data security that gave us cause for concern with the cheap smartwatches and fitness trackers we tested. They also lacked key certification information, and we had doubts about some of their abilities to track stats accurately too.

A wearable must have a CE mark or UKCA mark to be sold legally in the UK, as it shows that the product conforms to EU safety directives or the UK replacement, the UK Conformity Assessment marking. 

The mark doesn't need to be on the product itself; it could be on the packaging or accompanying paperwork. 

All the mainstream wearables we test have one on the box, but three of the cheap online marketplace devices included in this investigation (Cobrafly P8, Briame M6 and For Fit-Bit Fitness Smart Watch Band Sport Activity Tracker) had no CE marks or UKCA marks visible. 

Cheap fitness tracker accuracy issues

We didn't put these models through the same in-depth testing we subject other wearables to, because it became clear early on that we'd never recommend them anyway, given the issues above. 

However, our experts did notice the Colmi P6 and the unbranded 'Smart Fitness Watch Sport Activity Tracker' displayed heart rate and blood oxygen measurements, and credited our testers with steps, while not in use and simply resting on a table. 

Heart rate monitoring error; blood oxygen monitoring error

This shouldn't be possible, and suggests they are at best inaccurate and at worst useless.

The conclusion? The old adage 'If it looks too good to be true it probably is' rings true for ultra-cheap lookalike tech online, based on our snapshot test. 

While we haven't tested every bargain basement Apple, Fitbit or Samsung lookalike, so we can't say that they're all cheap tat with worrying security flaws, that description applied to 100% of the random selection of popular models we tested, which doesn't make the odds high for finding a winner.

Cheap Apple Watch alternatives 

Amazfit GTS 2 mini, Xiaomi Redmi Watch 2 Lite, RealMe Watch 2 Pro smartwatches

Your options aren't limited to forking out for an Apple Watch or taking a risk on an ultra-cheap lookalike. There are plenty of quality cheaper wearables out there that are worth considering.

We've rounded up some good options for under £100 (pictured above, from right to left). They may not offer the sophisticated smart technology you'll get from pricier products, but all performed well in our tests and, crucially, passed our privacy and security assessments. 

You can click on the product names to read our full independent review, and see the best current prices below:

Amazfit GTS 2 Mini (£60) - A smaller version of the Amazfit GTS 2, as its name suggests. It's waterproof for swimming and has built-in GPS for phone-free route-tracking, heart rate monitoring and more. 


Xiaomi Redmi Watch 2 Lite (£70)  - Easy to use, has a long battery life and offers heart rate monitoring and GPS, plus you can wear it for swimming. 


Xiaomi Redmi Smartband Pro (£39) - Doesn't have built-in GPS, but instead uses the GPS on your phone. It does have heart rate monitoring, though. 


If you're not fussed about resemblance to Apple, you've got some lower-cost options. The Samsung Galaxy Fit 2 is a few years old now, and doesn't have built-in GPS, but it does have heart rate monitoring and you can safely keep it on in the pool. 

These options are all compatible with Android phones as well as Apple ones (whereas Apple watches only work with iPhones).

Head to our smartwatch reviews and fitness tracker reviews to see all your options and find the best for your budget.

How can I get a cheap Apple Watch?

Another option is to buy an older Apple Watch. We saw the Apple Watch Series 7 models reduced over the Black Friday weekend, so it's possible there will be other good deals on over Christmas and into the New Year. 

You could also buy a second-hand smartwatch from Apple's refurbished store. It will come with a one-year warranty, and you can be sure it's fully functioning and no longer linked to the previous owner's iPhone.

Toying with the idea of buying an Apple Watch? Our guide to the best Apple Watches runs through all you need to know.

How to avoid dodgy tech when shopping online

If you're trawling the web for cheaper smart tech gadgets, you're likely to come across a large number of products from brands you might never have heard of. 

Not all little-known brands will take data security less seriously than the bigger brands, but it's hard to tell which is which when browsing. And the scale of the problem is huge: in 2020, we exposed more than 100,000 cheap security cameras inviting hackers into your homes.

Here are some tips to bear in mind:

  • Check reviews (carefully): Ignore the 5-star reviews – our investigations into fake reviews repeatedly show that there are sellers who request 5-star reviews. Read reviews at 4-stars and below, as they're less likely to be incentivised. Find out more about how to spot a fake review. Check professional reviews, such as our independent smartwatch reviews and fitness tracker reviews, which are based on lab tests, and include security tests.
  • Check the brand: Unheard of doesn't necessarily mean disreputable. A small start-up may not have yet built up a big enough customer base for you to know of it, for example. But do check Trustpilot if you know nothing about the brand. A brand with a good reputation has more to lose, and therefore more incentive to take data security seriously. No brand name at all should be a red flag. An eBay search for 'smartwatch' brings up thousands of listings for unbranded smartwatches.
  • Check the contact details: Is there any way to contact the company's support team if something goes wrong?
  • Only give up the data you're comfortable with: If, once you've bought a device, you're not comfortable with the data policy, don't agree to it. Bear in mind that might mean you can't use the device, and you may or may not be able to get a refund. It's worth also checking the refund policy before you buy.
  • Set up a secure password wherever you have the option and don't use unsecured wi-fi: This will only take you so far, though; it won't protect you if the product has fundamental security flaws.
  • Is it too good to be true? If a super-cheap smartwatch claims to offer blood pressure monitoring, pulse oximetry, heart rate monitoring or any other hi-tech functionality for less than the price of a sandwich (or far less than mainstream brands), it's worth thinking twice.

End unsafe products on online marketplaces

Remarkably, until recently there was no legal requirement for a smart product to meet a basic level of security, even though time and again Which? research has demonstrated a 'wild west' of standards in the market, with hackable products being sold to UK consumers. 

That's now due to change. We worked closely with the government on the Product Security and Telecoms Infrastructure Bill which has now received Royal Assent to become an Act of Parliament.

The new law, which we understand to include smartwatches, will, after a 12-month implementation period, introduce minimum security standards which manufacturers, importers and distributors of smart devices need to comply with. Online marketplaces are included in the definition of distributors.

Find out more about new security laws for smart devices and Which?'s campaign for online marketplaces to take greater legal responsibility for the products sold through them.

We also shared our latest dodgy smartwatch test findings with the Information Commissioner's Office (ICO), the government department responsible for information rights and data privacy.

Smartwatch security issues: how the online marketplaces responded

We shared our findings with the online platforms where we found these products sold, and asked them to remove the products in question. 

AliExpress removed the products we flagged promptly, and Shein has removed them while they investigate. The product being sold on Wish was already out of stock by the time we completed our investigation, but Wish took action to remove any they deemed similar. 

eBay removed the watch that did not have a CE or UKCA mark but said the others did not violate eBay policies. Amazon is still investigating. 

AliExpress told us:

‘Safety is important to us and we work hard to protect customers on our platform. Although AliExpress does not take custody of the goods being sold, we have policies that all our third-party sellers must comply with. We welcome the information Which? has provided and have removed the items.’

Amazon told us:

‘We are investigating these products. We have proactive measures to prevent non-compliant products from being listed. When appropriate, we remove products, reach out to sellers, manufacturers, and government agencies for information, or take other actions. We protect every purchase with our A-to-z Guarantee. If customers have concerns, we encourage them to contact Customer Service.’

eBay told us: 

‘Any product offered by our sellers must comply with any applicable law and eBay policies. We have reviewed these products and found that the majority do not violate our policies. However, we have removed the product that did not have sufficient documentation. We are also contacting the sellers of these products and informing them of the findings from Which? so that they can consider taking further steps. We take users’ privacy very seriously and recommend that when they purchase any internet-connected device they take any appropriate security precautions.’

Shein told us:

‘We have removed the product as a matter of caution whilst we conduct an investigation. Product safety and security are priorities for SHEIN, and we strive to comply with all applicable laws and regulations.’

Wish told us:

‘Product and brand compliance, including product safety, is very important to us, so we thank Which? for bringing this to our attention. The item flagged was removed some time ago, but we have since removed certain identical items. We also have multiple remedies for reporting problematic listings.’  

We contacted Colmi and IWO, the two manufacturers we found contact details for, and offered to share our findings. 

We also made efforts to contact the individual product sellers, but received mainly automated responses. 

*At time of writing another very similar-looking Aswee smartwatch is currently an 'Amazon's Choice' product. We can't be sure if it's the same model as it doesn't have 'PUO1' as part of its name. It's also worth knowing that we've previously caught sellers of Aswee smartwatches using unscrupulous tactics to get good reviews, such as sending vouchers in return for good reviews.



source https://www.which.co.uk/news/article/cheap-apple-fitbit-and-samsung-smartwatch-lookalikes-snooping-on-users-aWGm96j6KPOj