What CASA means for Google Fit
- Written by: Thryve
What is required to draw data from Google Fit?
What is a CASA assessment?
To draw data from Google Fit, apps must certify their trustworthiness and compliance through a CASA assessment. CASA stands for Cloud Application Security Assessment.
CASA is a predefined audit scheme that builds on criteria around data transparency as well as security guidelines (derived from OWASP). Certificates like SOC 2 or ISO 27001 help in the process, but are not accepted as a substitute for a CASA certification. Although Google announced detailed audits for services accessing Google Fit data as early as 2020, it only started enforcing CASA audits in 2023.
When is a CASA assessment required?
What happens in a CASA assessment?
Auditors assess whether the processing and use of data is transparent to end users and follows security guidelines. This covers the way consent is given, the display of the data accessed, and safety. Services can start their own assessment directly online. Thryve can help with ready-made information and details about the technical process of actually drawing data from Google Fit.
How can services get a CASA certification?
By default, services can self-audit: they answer a set of questions online, which are then reviewed and assessed. When accessing sensitive scopes such as health & fitness data, a third-party audit is usually required. Google has defined a list of accepted auditors that can do CASA audits, available online. These encompass specific security agencies, but also consultancies like KPMG. As of 2024, Google was not accepting new auditors for its CASA assessments.
What’s the price of a CASA assessment?
The first step of a CASA assessment can be done alone and free of charge. If a dedicated auditor is mandated for a CASA assessment, the costs vary according to the extent of the app and your preparation. Expect costs for a CASA assessment between 1.000 and 5.000 Euro.
How does Thryve help with accessing Google Fit data?
Thryve provides a safe and compliant integration with Google Fit. Through full maintenance of the Google Fit API integration, coupled with a tiered system of Google Fit scope activation and tailored data storage, Thryve takes care of the heavy lifting in compliant data access from Google Fit. As the trusted partner of the most demanding organizations globally, Thryve supports insurers, registered medical devices and government bodies in accessing and understanding health and wellness data. All our partners have so far successfully completed a CASA assessment and are approved for data access at Google Fit.
What’s more? Thryve’s partners benefit from a unified data format across all integrated data sources, full maintenance and continuous extension with additional data types as well as targeted analytics providing actionable insights.