Report: Fitness Apps May Compromise Military Security
Fitness apps used by soldiers may have inadvertently revealed their location and activities while deployed overseas. They've been warned to activate privacy options that can prevent data collection.
The problem is with an app called Strava, which lets users track their activity when they go running or cycling. It goes beyond some apps that simply allow individuals to keep their own records or choose to share them with friends for motivation or suggested routes.
Instead, Strava combines all the data collected from a reported 27 million users and produces "heat maps" that show the most popularly used routes over the past couple of years. The idea is that users can look for such routes both for inspiration and as a sign they may be particularly suited to running, for example with little traffic or having a pleasing landscape to run through.
Bases Unintentionally Mapped
A university student studying international security spotted that several of the displayed routes are of or around US military bases in foreign countries with elevated security risks. (Source: bbc.co.uk)
The routes appear in different colors based on how frequently they are used. That means that even though the location of the base may already be public knowledge, the routes can show movement patterns within the base and clues about buildings. This could help enemies target missile attacks from beyond the base border.
Another possible problem comes with the routes outside the base. These could be areas which soldiers use for running because they feel safer there. That might in turn let enemy forces know where they could pick off targets.
Privacy Too Confusing
While the app isn't necessarily widely used among soldiers serving overseas, that's a problem in itself. Because so few people are using the app in remote regions, even a single user's route could stand out enough to appear on the maps.
While it might seem obvious for soldiers to consider the risks of such apps, privacy settings may be an issue. The app does have settings that either mark a specific run or ride as private, or automatically set all activity in a specific area to be marked as private. The routes and other details are then excluded from the "heat maps." However, critics have previously argued it's too complicated to keep track of these settings. (Source: qz.com)
What's Your Opinion?
Do you consider this a significant risk? Should military staff stop using apps with location tracking at all while on deployment? Could companies give clearer information about privacy settings?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
1. Of course it's a
1. Of course it's a significant risk.
2. Yes, but it won't do any good. Almost all apps collect some kind of data. If nothing else, then an IP address.
3. Yes, but they won't. It's like a mile-long EULA. The Co. can do anything with the info it gathers. You have no rights after the EULA. You agree to ALL court costs if you choose that route...if the EULA does not mandate arbitration. The 'store' could put limitations on data collection by all apps. That would be the easiest way to protect consumers.
Anyone that needs exercise routes to determine building locations has not used google maps. One thing I can see the app data giving up is troop movements, especially if using the app is a unit effort.
Product research has gotten worse than living in a small town. Nosy, nosy, nosy. Everybody wants to know your business!