How HealthKit Shares Your Apple Watch Data with Third-Party Apps
HealthKit grants per-app, per-data-type permissions. Apps cannot see what access others have, and data is end-to-end encrypted in iCloud with two-factor authentication.
TL;DR
HealthKit is the central repository for Apple Watch health data on iPhone. Third-party apps can only access the specific data types a user explicitly grants them — separately for reading and writing — and cannot see what permissions other apps hold. Data is stored using iOS Data Protection (inaccessible when the device is locked) and is end-to-end encrypted in iCloud when two-factor authentication is enabled. Apple prohibits health data from being used for advertising, and all HealthKit-using apps must provide a privacy policy. Users can review and revoke permissions at any time in Settings → Health → Data Access & Devices.
How the permission model works
Every app that wants to access HealthKit data must request permission from the user. These requests are granular in two dimensions: they are specific to each app and specific to each data type. An app wanting to read your heart rate and your sleep data must request those as two separate permissions, and the user approves or declines each category independently.
Permissions are also granted separately for reading and writing. An app might be granted permission to write workout data to HealthKit — so it can contribute data — without being granted permission to read your sleep data. This asymmetry allows fitness apps, nutrition trackers, and health devices to contribute data to the HealthKit store without necessarily gaining read access to data from unrelated categories.
If an app is granted write permission for a data type, it gains implicit read access to the data it wrote. If granted read permission, it can read data written by all sources — including Apple Watch.
According to Apple's Platform Security Guide (updated January 2026): "Apps can't determine access granted to other apps. In addition, apps can't conclusively tell whether they've been granted read access to health data. When an app doesn't have read access, all queries return no data — the same response that an empty database would return."
This last point is deliberate. If an app could detect that it was denied access to, say, your mental health data or your cycle tracking data, it could infer that you are actively tracking those things — which is itself sensitive information. The design prevents that inference.
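The permission model described above, as an added Swift example (not Sam Health's or Apple's code): the app asks for write access to workouts and read access to three other types in one prompt, the user grants each separately, and the app can only ever query the write status. It assumes iOS 15+ for the async API, a HealthKit entitlement, and NSHealthShareUsageDescription / NSHealthUpdateUsageDescription entries in Info.plist.

```swift
import HealthKit

/// Added example, not from the page's author or Apple. Assumes the app has the
/// HealthKit entitlement and the NSHealthShareUsageDescription and
/// NSHealthUpdateUsageDescription keys in Info.plist.
final class HealthAccess {
    private let store = HKHealthStore()

    // Hypothetical app: write workouts; read heart rate, HRV and sleep.
    private let writeTypes: Set<HKSampleType> = [HKObjectType.workoutType()]
    private let readTypes: Set<HKObjectType> = [
        HKQuantityType(.heartRate),
        HKQuantityType(.heartRateVariabilitySDNN),
        HKCategoryType(.sleepAnalysis),
    ]

    /// One prompt lists every type; the user decides each read and write grant on its own.
    func requestAccess() async throws {
        guard HKHealthStore.isHealthDataAvailable() else { return }
        try await store.requestAuthorization(toShare: writeTypes, read: readTypes)
    }

    /// authorizationStatus(for:) reports only the sharing (write) decision. For a type the
    /// app merely reads, it never reveals the user's choice, so a denial is undetectable.
    func canWriteWorkouts() -> Bool {
        store.authorizationStatus(for: HKObjectType.workoutType()) == .sharingAuthorized
    }

    /// Fetches the newest samples of a type. A denied read and an empty store both return
    /// an empty array, so "no data" is the only answer the app can observe.
    func latestSamples(of type: HKSampleType, limit: Int = 10) async throws -> [HKSample] {
        try await withCheckedThrowingContinuation { continuation in
            let newestFirst = NSSortDescriptor(key: HKSampleSortIdentifierStartDate,
                                               ascending: false)
            let query = HKSampleQuery(sampleType: type, predicate: nil, limit: limit,
                                      sortDescriptors: [newestFirst]) { _, samples, error in
                if let error = error {
                    continuation.resume(throwing: error)
                } else {
                    continuation.resume(returning: samples ?? [])
                }
            }
            store.execute(query)
        }
    }
}
```

Calling latestSamples(of: HKQuantityType(.heartRate)) after the user declined heart rate yields the same empty result as a device that has never recorded heart rate, which is the inference-blocking behaviour the quoted guide describes.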
Where to review and revoke access
All HealthKit permissions are visible and revocable in one place: Settings → Health → Data Access & Devices on iPhone. This screen lists every app and device that has been granted any HealthKit permission, along with the specific data types each can read or write. You can revoke any individual permission without affecting others.
Apple Watch sensors and built-in apps appear as sources here as well. If you previously granted a third-party app access and want to stop it from reading new data you generate, revoke the permission on this screen; the app cannot read new data from HealthKit going forward.
How HealthKit data is stored and encrypted
Health data stored in HealthKit uses iOS Data Protection class Protected Unless Open. This means the data is cryptographically inaccessible approximately 10 minutes after the device is locked. It becomes accessible again when the user unlocks the device with their passcode or biometrics. The only exception is workout-related data during an active workout session: when an app uses Apple's HKWorkoutSession API, relevant data remains accessible while the device is locked for the duration of the session.
In iCloud, health data protection depends on whether two conditions are met:
- iOS 12 or later is installed on the device
- Two-factor authentication is enabled for the Apple Account
If both are met, health data is end-to-end encrypted — Apple does not hold the encryption keys and cannot access the data. If two-factor authentication is not enabled, data is still encrypted in storage and in transit, but is not end-to-end encrypted. Apple encourages enabling two-factor authentication, and once it is enabled on a device running iOS 12+, existing health data is migrated to end-to-end encryption automatically.
For local device backups (via Finder or iTunes), health data is included only in encrypted backups. If you create an unencrypted backup, health data is excluded.
What third-party apps are prohibited from doing
Access to the HealthKit API requires an Apple entitlement — a code-level permission that Apple reviews and grants as part of App Store approval. Apps with HealthKit entitlements must comply with explicit restrictions:
- No advertising use: Health data cannot be used for advertising purposes, including serving targeted ads or selling data to ad networks.
- Privacy policy required: Every app that accesses HealthKit must provide a privacy policy that describes how it uses health data. This policy must be surfaced to users before they grant access.
These restrictions apply to all HealthKit data regardless of the data type or how sensitive it appears.
Important distinction: access is not the same as containment. HealthKit's permission system controls what data an app can read from the local HealthKit store on your iPhone. It does not control what the app then does with that data once it has it. An app you grant read access to your HRV and sleep can lawfully upload that data to its own servers — including servers outside the EU — provided its privacy policy discloses this and provided Apple's HealthKit terms (no advertising use, no sale to data brokers) are respected. The protection you get from the iPhone-side permission model is real but bounded: it determines whether an app sees the data, not where it travels next. To understand what an app actually does with the data after it leaves HealthKit, the relevant artefacts are the app's privacy policy, its App Store privacy labels, and — for EU users — its GDPR notice and data-processing disclosures.
Health data sharing between users and with providers
Two additional sharing features are built into the Health app:
Health sharing between users (iOS 15+): Users can share their Health data with another person — such as a family member or carer — using an end-to-end encrypted iCloud connection. Both participants must use iOS 15 or later and have two-factor authentication enabled. Apple cannot access data shared through this channel.
Share with Provider (United States, with enrolled institutions): The Health app allows users to share selected health data categories directly with enrolled healthcare organisations. This data is transmitted using end-to-end encryption, and Apple does not hold or have access to the encryption keys for this channel. Participating healthcare organisations receive only the data categories the user selects.
What this means for apps like Sam Health
Sam reads Apple Watch data from HealthKit on your iPhone — including HRV, resting heart rate, sleep stages, wrist temperature, SpO2, Cardio Fitness, and Mindful Minutes — using the standard HealthKit permission model. You are asked for each data category when you first connect Sam, and you can review or revoke those permissions at any time in Settings → Health → Data Access & Devices. Sam cannot access data types you have not granted, and cannot see what access any other app on your phone has been given. For a full breakdown of which Apple Watch sensors generate each data type, see our complete sensor breakdown for 2026. For context on why Apple deliberately withholds interpretation of the data it collects, see why the Health app shows numbers but no meaning.
Sources
- Protecting access to user's health data — Apple Platform Security Guide, updated January 2026. Accessed 16 May 2026.
- Authorizing access to health data — Apple Developer Documentation. Accessed 16 May 2026.
- Health app data Share with Provider FAQ — Apple Support. Accessed 16 May 2026.
Frequently Asked Questions
Can a third-party app read all my Apple Watch health data automatically?
No. Each app must request permission for each specific data type it wants to access, and each request requires explicit user approval. An app cannot access data types it has not been granted permission for, and permissions are separate for reading and writing.
How do I see which apps have access to my health data?
On iPhone, go to Settings → Health → Data Access & Devices. This lists all apps that have been granted any HealthKit permissions and what data types they can read or write. You can revoke access for any app or data type from this screen.
Can an app tell if I declined its request to read my health data?
No. When an app is denied read access to a health data type, its queries return empty results — the same response as an empty database. The app cannot distinguish between being denied access and there being no data. This design is intentional: it prevents apps from inferring your health status by learning what types of data you are or are not tracking.
Is Apple Watch health data end-to-end encrypted in iCloud?
Yes, if you have iOS 12 or later and two-factor authentication enabled on your Apple Account. With both conditions met, your health data is end-to-end encrypted, meaning Apple cannot access it. Without two-factor authentication, data is still encrypted in storage and transit, but not end-to-end.
Can third-party apps use my health data for advertising?
No. Apple's HealthKit restrictions explicitly prohibit apps from using health data for advertising purposes. Apps that access HealthKit are also required to provide a privacy policy detailing how they use health data, and this is enforced at the App Store entitlement level.
Can one health app see what permissions another health app has been granted?
No. Apps cannot determine what HealthKit access has been granted to other apps. The permission system is opaque between apps — each app sees only its own granted permissions.
What happens to health data in device backups?
Health data is included only in encrypted device backups — whether backed up via iCloud, Finder (macOS 10.15+), or iTunes (macOS 10.14 and earlier). If you create an unencrypted local backup using Finder or iTunes, health data is excluded from it.
Can I share my health data directly with a doctor?
Yes. The Health app on iPhone includes a Share with Provider feature that allows you to share selected health data categories with enrolled healthcare organisations. The data is transmitted using end-to-end encryption and Apple does not hold or have access to the encryption keys.
