Premium Partners

Fitness App Data Could Expose National Security Info

Jason Scott

A popular fitness app has suspended a feature that maps user activity after a joint investigation by Dutch news websites De Correspondent and Bellingcat revealed an alarming amount of sensitive data on users.

Using the app Polar Flow, a property of Finnish-based fitness company Polar, journalists were able to reach fitness tracking data of users, regardless of privacy settings, by modifying a web address. ZDNet reports that the app could be improperly queried to retrieve the fitness activity of any user, including many who work in sensitive areas like government, military and intelligence.

The situation is reminiscent of a similar revelation earlier this year, when it was discovered that a global activity heatmap published by Strava based on data it had collected from its fitness app revealed sensitive information about the movements of soldiers and the locations of U.S. military bases.

From ABStrava Responds to Controversy with Opt-Out Redesign

The Polar Flow data was so easily manipulated that it reportedly could reveal users’ home addresses, and whether those users were tracking their exercise in sensitive locations. Journalists were able to identify thousands of users believed to be exercising in or around areas such as the White House, the NSA, London’s Mi6 headquarters, the Guantanamo Bay detention center, and military bases around the world. De Correspondent explained their process in a piece baring the headline: “Here’s how we found the names and addresses of soldiers and secret agents using a simple fitness app.

Polar announced in a statement released Friday that it has temporarily disabled the app’s Explore feature, and also tried to quell concerns.

“It is important to understand that Polar has not leaked any data, and there has been no breach of private data. Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case,” the statement reads. “While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API.”

Buyer's Guide
Information on more than 3,000 companies, sorted by category. Listings are updated daily.
Learn More
Buyer's Guide
AB Show 2022 in Orlando
AB Show is a solution-focused event for athletics, fitness, recreation and military professionals.
Learn More
AB Show