Remember when we reported about the privacy dangers of the fitness tracking app Strava?
The service was outed earlier this year as a threat to national security when its “global heat map” was found to be giving away the location details of U.S. military personnel on active service.
It was noted that these kinds of fitness tracking maps have dangerous implications since malicious actors can establish exercise patterns and routes of U.S. soldiers in various locations around the world.
Strava may have already fixed the issue by making it easier for users to opt out of its heat maps altogether, but surprise, surprise – it’s not the only fitness app with exploitable maps that can put us in danger.
And this time, the app's security risks are even worse.
Polar Flow security risk
Popular fitness tracking app Polar Flow has been reported to be inadvertently exposing the locations and sensitive information of military and intelligence personnel with its global activity map.
Polar Flow apparently has a flaw in its privacy settings that allows anyone to snoop on the location data of its users and worse yet, use that information to gather their real names and addresses.
According to Dutch website De Correspondent, Polar Flow’s “Explore” global map can keep track of a user’s activity over several years.
Since each activity can be tied to an individual Polar Flow user, anyone can use that user's exposed name and city to figure out where they live.
Additionally, De Correspondent said that Polar, the company behind the service, had a security flaw that allowed the investigators to get the information of users who had set their profiles to private. Polar’s API also didn’t put a limit on the number of data requests that someone makes, allowing anyone to pull up a user’s entire activity data without restrictions.
As you can imagine, although this flaw is already a privacy risk for millions of regular Polar Flow users, it can also be a national security risk since it can expose the location of government and military personnel stationed in various facilities around the world.
A threat to national security
De Correspondent investigators stated that they were able to identify around 6,460 users who used the fitness tracking app near sensitive locations including the NSA, MI6 in London, the White House and the Guantanamo Bay detention center in Cuba.
Not only that, the investigators were also able to get the names and information of agents of various foreign intelligence offices and even the staff of critical military installations like nuclear storage facilities, missile silos, and prisons.
In response to the reports, Polar issued an official statement on Friday, apologizing for the security risks of its Explore maps.
The company has also temporarily suspended its Explore feature while it is figuring out the best options to secure it.
Polar insists that it has not leaked any data and that there has been no breach of its private data.
“Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case,” Polar wrote in its official statement.
But as usual, this latest incident is yet another reminder that when we allow our data to be tracked and recorded by any service, we are at the mercy of its security measures and policies.