TL;DR: Cheap smart watches might not be worth it. The author tried to export data from one but couldn’t find a way. Discovered the watch is a white label of an IDO smart watch and found a similar one on Amazon for $39. Connected it to the Ryze app and got it to work. Explored reverse engineering the Bluetooth Low Energy connections and found no authentication steps, making it vulnerable to anyone accessing data or performing firmware updates. Revealed the lack of security in most similar devices and decided to disclose the issue openly. Website built to download health data but may not work for most devices. More potential security vulnerabilities remain unexplored.
https://sprocketfox.io/xssfox/2025/02/09/ido/