You might remember that back in January, fitness app Strava was revealed to be giving away military secrets. The app, when used by military personnel, was giving the location of some potentially sensitive information. Well, it’s happening again – this time another fitness app, Polar, is unwittingly giving up sensitive military locations.
The digital investigation organization Bellingcat was able to scrape data from 200 sites around the world. From this, it gained information on exercises by nearly 6,500 Polar users. The level of detail Bellingcat was able to gain was remarkable. It was not only able to learn more about military locations – information that could be critical to national security – but also a startling level of information about the people that work on them.
The investigation echoes the Strava data leak. It emphasizes the (disturbing) privacy issues that fitness tracking applications have been unable to confront. But Bellingcat explains that Polar is actually one of the worst apps for publicizing private data. On Strava and Garmin, for example, it’s only possible to see individual exercises done by users. “Polar makes it far worse by showing all the exercises of an individual done since 2014, all over the world on a single map.”
Polar is reveals dangerous levels of detail about its users
Some of the information found by Bellingcat is terrifying. For example:
“A high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning. From a house not too far from that base, he started and finished many more runs on early Sunday mornings. His favorite path is through a forest, but sometimes he starts and ends at a car park further away. The profile shows his full name.”
The investigators also revealed they were able to cross-reference profiles with social media profiles. This could allow someone to build up a very detailed picture of a member of the military or security personnel. Some of these people have access to nuclear weapons.
Bellingcat’s advice to fitness app users
Bellingcat offers some clear advice to anyone using fitness tracking apps like Polar. Most of it sounds obvious, but it’s clear that even people that should be particularly careful aren’t doing it. “As always, check your app-permissions, try to anonymize your online presence, and, if you still insist on tracking your activities, start and end sessions in a public space, not at your front door.”
The results of the investigation are, perhaps, just another piece in a broader story emerging this year about techno-scepticism. Problems with tech have always existed, it’s only now that those are really surfacing and seem to be taking on a new urgency. This is going to have implications for the military for sure, but it is also likely to have an impact on the way these applications are built in the future.