I don’t use Android or iPhones because of privacy concerns.

I got into an accident over a year ago and have been in horrible pain. My employer has contracted with some healthtech company, Hinge Health, which provides videos and instructions to help people reduce pain.

They have no website, of course, and only have an Android App or iPhone App.

I kept ignoring their emails spamming their product, despite really needing it, but then they said if I signed up I could get a free massager. This would really help me.

So I signed up using the web, thinking things had possibly changed and added web features, and after that they told me I had to download the App and do a lesson to get the massager.

I expressed my frustration to them and said I couldn’t do it. I am poor, I don’t have a smart phone nor do I want one. I told them this hoping they would give me the massager. Instead, they said they could send a free tablet to help. I was like, great, thinking I’d turn off bluetooth, nearby device permission, location, and connect to WiFi only to a pihole to preserve some of my privacy, get a massager, and be in less horrible pain.

When the tablet arrived, it’s a Lenovo TB310FU or Tab M9. It was a beautiful tablet. So I turn it on and their corporate logo shows up, which was slightly concerning.

Then the tablet loads and there is their Hinge App, a Chrome Browser, and Settings, and that’s it. I made sure to turn off location, turn off WiFi, not connect to anything, and keep bluetooth off, although in the 5 seconds before that happened I’m sure it collected data on all nearby networks and devices. Then I go into the settings to try to figure out what’s happening.

There’s an admin account attached and also an app called Esper. For Esper, it can’t be uninstalled and it has access to location, nearby device permissions, bluetooth, and every permission that is available and none of them can be turned off. Esper is listed as an admin App.

I also am unable to reset the tablet and it said “Blocked by your IT administrator.”

Since I am using a health device, it felt extraordinarily invasive to me. I do not trust big tech or health tech to keep my data safe, I’ve had data breaches before, and I also don’t entirely understand why this company needs to know my nearby devices if it’s just for health. Even though I made it clear I reserve my HIPAA rights and opt out of research, those are still on.

What was frustrating is this was presented to me in a way in which I thought it was a free tablet. After I got it and looked at it more, I wasn’t sure whether it was free or not or if they thought they were letting me borrow it and they expected it to be returned. I also wonder if they are giving the tablet to me for free and somehow monetizing marketing data.

I contacted them about returning it, since I didn’t feel comfortable with them having root access to a tablet that collects data and interacts with other electronics nearby when it’s a health device. They said they understood and would send something to return it.

The Esper Device Management also accesses “physical activity” upon turning it on, which seems invasive and I can’t turn that off. Keep in mind, I haven’t even opened the Health App.

I have two concerns. 1) I am actually still in pain. It would have been nice to use this Hinge App in an isolated environment where I didn’t feel like it was collecting nearby devices information and GPS coordinates and other things which didn’t seem related to health issues. 2) This tablet may have already collected information through bluetooth, GPS, WiFi, etc, and although I haven’t connected it to the Internet, if I send it back to them then that information can go into their network, which I really didn’t want and never would have agreed to.

So, my main question is whether I can use something like adb in a terminal to get into this app and break Esper, root it to something like Calyx or Bliss, and use the App without permissions being enabled in the OS like this to reduce my pain. Would this be possible? I don’t want to go down this rabbit hole if it’s a waste of time. I would also be happy if I could just wipe the tablet prior to returning it.

I would also have to check with the company to see if it’s even allowed to root it. This is a company that is also contracted through my employer and I am worried if I do anything that they don’t like, it could cause trouble with my employment, but it seems unlikely.

The other thing is whether there is a way to delete any data Esper stored. I am not able to “Erase all data” and when I try it says “Blocked by your IT admin.” So it seems totally managed.

And I never would have agreed to this had I known this was a managed device and I also can’t purge it of collected data that isn’t related to health that I didn’t consent to being collected.

This is just so frustrating because I really am in a lot of terrible pain, but I really go out of my way to never use any Google or Apple products in my personal life because of privacy concerns, and I thought I could make an exception but limit it and it turns out it’s 1000 times worse than a normal tablet.

Am I overreacting? I told them I would send it back, but it now likely has nearby device data and information about my personal network and other info I did not want to share and I can’t delete it, nor do I even know what was collected.

  • rc__buggy@sh.itjust.works · 23 upvotes · 4 months ago

    Just power it down and send it back. The tiny snapshot of data it got when you powered it up is of little concern.

    Honestly no one will likely look at it, IT is just going to reimage it and ship it again.