A security researcher discovered that malicious apps for Fitbit devices can be uploaded to the legitimate Fitbit domain and users can install them from private links.
With some social engineering, hackers could take advantage of this and trick users into adding such apps, and thereby obtain the wealth of personal information typically collected from Fitbit device sensors or the phone.
Fitbit develops fitness activity tracking wearables (smartwatches, bands) providing the user with metrics like number of steps walked or steps climbed, heart rate, sleep quality, along with activity history. Various mobile apps (health, games, music, utilities) from Fitbit and its developer community are published in the official Fitbit Gallery.