I don’t use Android or iPhones because of privacy concerns.

I got into an accident over a year ago and have been in horrible pain. My employer has contracted with some healthtech company, Hinge Health, which provides videos and instructions to help people reduce pain.

They have no website, of course, and only have an Android App or iPhone App.

I kept ignoring their emails spamming their product, despite really needing it, but then they said if I signed up I could get a free massager. This would really help me.

So I signed up using the web, thinking things had possibly changed and added web features, and after that they told me I had to download the App and do a lesson to get the massager.

I expressed my frustration to them and said I couldn’t do it. I am poor, I don’t have a smart phone nor do I want one. I told them this hoping they would give me the massager. Instead, they said they could send a free tablet to help. I was like, great, thinking I’d turn off bluetooth, nearby device permission, location, and connect to WiFi only to a pihole to preserve some of my privacy, get a massager, and be in less horrible pain.

When the tablet arrived, it’s a Lenovo TB310FU or Tab M9. It was a beautiful tablet. So I turn it on and their corporate logo shows up, which was slightly concerning.

Then the tablet loads and there is their Hinge App, a Chrome Browser, and Settings, and that’s it. I made sure to turn off location, turn off WiFi, not connect to anything, and keep bluetooth off, although in the 5 seconds before that happened I’m sure it collected data on all nearby networks and devices. Then I go into the settings to try to figure out what’s happening.

There’s an admin account attached and also an app called Esper. For Esper, it can’t be uninstalled and it has access to location, nearby device permissions, bluetooth, and every permission that is available and none of them can be turned off. Esper is listed as an admin App.

I also am unable to reset the tablet and it said “Blocked by your IT administrator.”

Since I am using a health device, it felt extraordinarily invasive to me. I do not trust big tech or health tech to keep my data safe, I’ve had data breaches before, and I also don’t entirely understand why this company needs to know my nearby devices if it’s just for health. Even though I made it clear I reserve my HIPAA rights and opt out of research, those are still on.

What was frustrating is this was presented to me in a way in which I thought it was a free tablet. After I got it and looked at it more, I wasn’t sure whether it was free or not or if they thought they were letting me borrow it and they expected it to be returned. I also wonder if they are giving the tablet to me for free and somehow monetizing marketing data.

I contacted them about returning it, since I didn’t feel comfortable with them having root access to a tablet that collects data and interacts with other electronics nearby when it’s a health device. They said they understood and would send something to return it.

The Esper Device Management also accesses “physical activity” upon turning it on, which seems invasive and I can’t turn that off. Keep in mind, I haven’t even opened the Health App.

I have two concerns. 1) I am actually still in pain. It would have been nice to use this Hinge App in an isolated environment where I didn’t feel like it was collecting nearby devices information and GPS coordinates and other things which didn’t seem related to health issues. 2) This tablet may have already collected information through bluetooth, GPS, WiFi, etc, and although I haven’t connected it to the Internet, if I send it back to them then that information can go into their network, which I really didn’t want and never would have agreed to.

So, my main question is whether I can use something like adb in a terminal to get into this app and break Esper, root it to something like Calyx or Bliss, and use the App without permissions being enabled in the OS like this to reduce my pain. Would this be possible? I don’t want to go down this rabbit hole if it’s a waste of time. I would also be happy if I could just wipe the tablet prior to returning it.

I would also have to check with the company to see if it’s even allowed to root it. This is a company that is also contracted through my employer and I am worried if I do anything that they don’t like, it could cause trouble with my employment, but it seems unlikely.

The other thing is whether there is a way to delete any data Esper stored. I am not able to “Erase all data” and when I try it says “Blocked by your IT admin.” So it seems totally managed.

And I never would have agreed to this had I known this was a managed device and I also can’t purge it of collected data that isn’t related to health that I didn’t consent to being collected.

This is just so frustrating because I really am in a lot of terrible pain, but I really go out of my way to never use any Google or Apple products in my personal life because of privacy concerns, and I thought I could make an exception but limit it and it turns out it’s 1000 times worse than a normal tablet.

Am I overreacting? I told them I would send it back, but it now likely has nearby device data and information about my personal network and other info I did not want to share and I can’t delete it, nor do I even know what was collected.

  • JASN_DE@feddit.org · ↑39 · 19 hours ago

    1. It’s a device provided by someone else through your employer. It would be best not to mess with it in any way that’s not already provided by the device (e.g. rooting it)

    2. all the infos on nearby devices have already been collected over and over by your neighbours and people walking around outside.

    • WhyJiffie@sh.itjust.works · ↑6 · 16 hours ago

      > all the infos on nearby devices have already been collected over and over by your neighbours and people walking around outside.

      aaand now that is also attached to their name.

    • totallysober92@lemmy.world (OP) · ↑4 ↓3 · 19 hours ago

      It feels invasive in principle. If they had said it was a managed device, I never would have accepted it.

      Data brokers do not know which devices are nearby me. I use Linux. No one collects anything where I am. And now data brokers are able to know which specific devices are around me, meaning that if I buy a smart device in cash and set it up, data brokers will be able to infer it’s me based on the proximity of nearby devices collected by this health tablet. That actually is invasive, data brokers and smart devices are that good at inferences, and I feel like I was duped into this.

      • fuckwit_mcbumcrumble@lemmy.dbzer0.com · ↑21 · 18 hours ago

        > If they had said it was a managed device, I never would have accepted it.

        Did you really expect them to just give you a 100% free tablet out of the goodness of their hearts no strings attached? If a company gives you a device without any management then they have incompetent IT staff.

        • Droechai@lemm.ee · ↑1 · 3 hours ago

          I beg to differ! The association I work for allows me to root any device they give me and our IT isn’t… Oh, I’m their tech guy. Maybe I would be incompetent.

          /J

          I’m not rooting my work stuff for the simple reason of being on the samish OS (Win11 in different flavors) as the users, so I keep myself up to date on the systems’ behaviour.

      • ramble81@lemmy.zip · ↑10 · 18 hours ago

        > no one collects anything where I am

        How do you know that? If you live in a neighborhood, signals bleed all over the place and undoubtedly they have information on you.

        Or if you’re in the middle of nowhere, if you’ve ever had any friends or family over, their phones most likely scanned what’s around too.

        No one can live in a bubble anymore.

        • WhyJiffie@sh.itjust.works · ↑1 ↓1 · 16 hours ago

          > How do you know that? If you live in a neighborhood, signals bleed all over the place and undoubtedly they have information on you.

          I think OP’s body does not emit radio signals.

      • notabot@piefed.social · ↑9 · 18 hours ago

        Bear in mind that they already have your home address, as they sent the tablet to you, that address is geolocated, and anyone with a phone passing near you will have enumerated any wifi networks and possibly bluetooth too and geolocated those.

        They already know what devices are around you unless there’s not been a phone within range since you got them.

        You were sent the tablet in order to be able to access the app they provide. I strongly suspect that it is actually a loan, and they will want it back when you are finished with it. Given that, you shouldn’t even attempt to root it. Use it for what it is intended for, gain some benefit from that, hopefully get your massager, and return the tablet when you’re finished with it.

        Unless you deliberately give them more information, there’s not much new they can gain about your environment from the tablet. What you do in the app is going to be much more valuable data to them as it’ll give them information about you and your health that they could not gain any other way.

  • SwizzleStick@lemmy.zip · ↑23 · 19 hours ago

    You are not overreacting for wanting the services offered without the egregious data harvesting requirement. However, that’s the level of service your employer pays for. Price of admission.

    Attempting to fiddle with the device when it is clearly externally managed is a bad idea, especially now you have put the gears in motion for a return.

    You are overreacting by thinking that they will obtain anything valuable or anything that can be leveraged from it, if returned now in the state you leave it.

    Your employer has already shared plenty of information about you with the provider simply by enrolling you in whatever health plan this is. That horse has long since bolted and the barn door is swinging in the wind.

    The device data will add nothing useful to what they have already, unless you actually use it.

    I assume the app is internet dependent & any self-sourced device using the app would just give up data regardless, or that the app would not function if you successfully castrated it.

    In your position, the only way forward while keeping your scruples is to either convince the provider to give you the item without the bullshit, or seek alternative options.

  • rc__buggy@sh.itjust.works · ↑19 · 19 hours ago

    Just power it down and send it back. The tiny snapshot of data it got when you powered it up is of little concern.

    Honestly no one will likely look at it, IT is just going to reimage it and ship it again.

  • can_you_change_your_username@fedia.io · ↑3 · 14 hours ago

    How much personal information is going into the intended use of the tablet? If all you need to do is watch some videos can you take it to a public library or a McDonald’s? Does your Dr’s office have wifi or could you watch it at work?

  • Blue_Morpho@lemmy.world · ↑10 ↓1 · 19 hours ago

    There’s no privacy concern. They sent you the tablet so you could watch the training video. They need to know you watched the instructional video so that’s not a privacy intrusion.

    Watch the video and turn it off.