Polar fitness app leaks military personnel locations

Polar’s fitness app made it dangerously easy to track soldiers and secret agents worldwide

Polar’s popular fitness app inadvertently revealed military personnel’s addresses

Bellingcat's investigation found that the privacy settings used by 6,460 Polar users meant that they could be located through the activity they had shared from their fitness devices.

The Explore component of Polar Flow was meant to show anonymous data on its users and their activities around the globe, displaying it in a similar fashion to the activity map that was responsible for Strava's woes earlier in the year.

A statement from the company last week, confirms that public location data "could provide insight into potentially sensitive locations" however they claim it is not the case for all users as "there has been no breach of private data".

Earlier in the year, a report revealed how Strava fitness app was revealing information of its users, unwittingly leaking details of military bases in several places, including Afghanistan, Iraq and Syria.

Mr Postma used Polar Flow to find a Dutch military base and a person regularly running in its vicinity.

Using Polar researchers were able to track personnel training on bases that host nuclear weapons, security personnel, embassies, military personnel, who specializiruetsya on carbazic, it, missile defense, intelligence, personnel working on submarines and underwater bases, employees of nuclear power plants.

According to De Correspondent, only about two percent of Polar users chose to share their data, but that nonetheless allowed anyone to discover potentially sensitive data from military or civilian personnel.

Polar monitors heart rate, location, route, date and time of the training, the information can be shared on the social platform.

China Releases Liu Xia from House Arrest, Allows Her to Leave Country
Liu Xia is reportedly suffering from severe depression and a range of physical ailments, including a heart condition. He was last arrested for his role in creating Charter 08, a call for political changes in China.

In a statement, the company stated it was suspending the Explore API but also denied there was any leak of information.

The investigation found the names and addresses of personnel from multiple intelligence agencies including the NSA, US Secret Services, and MI6.

What this is actually saying is that users have the option to mark their data as private via the user profile page in the app. Marking it private will also prevent the service from sharing information to third-party apps such as Facebook.

While showing fitness activity is a norm, Polar goes a step ahead by showing all the exercises that an individual has done since 2014, all over the world on a single map. Unlike similar functionality to Garmin and Strava, Polar publishes more data every user.

"As always, check your app-permissions, try to anonymize your online presence, and, if you still insist on tracking your activities, start and end sessions in a public space, not at your front door".

If you're a Polar user and aren't keen on having your own data out there for the world to see, make sure you have your profile marked as private (which, thankfully, is the default setting).

De Correspondent also provided how-to-guides for securing data collected through the Polar, Endomondo, Runkeeper, Runtastic, and Strava apps.

Latest News