Published: Tue, July 10, 2018
Medical | By

Polar fitness app exposed location of soldiers and government agents

Polar fitness app exposed location of soldiers and government agents

Polar's line of smart devices are able to connect to the company's fitness app, Polar Flow, where users can record their activities and routes on a publicly viewable "Explore" map. The research finds at least 6,460 users from 69 countries (including soldiers in volatile areas such as Baghdad or the Korean DMZ, NSA employees, and others) who used the service near sensitive facilities thereby leaking their whereabouts, including their home addresses. As per a couple of reports last week, Polar's fitness tracking app seems to have given away location and personal information of users residing or working in confidential locations including secret military bases, intelligence agencies, law and order agencies, on submarines, and at nuclear power plants. So someone exercising on a military base will not only reveal where the base is, but also where they live as fitness trackers are typically turned off when entering a home, and turned back on when leaving it several hours later (and usually overnight). Even sensitive personnel often used their real names, making them easy to identify.

That's not all; Polar also lets you view the entire exercise history of a user since 2014.

An investigation by a group of Dutch journalists found that the app Polar Flow made joggers' runs public on an online map accessible for all users. But it's still not a great look for the Finnish company - especially when you consider the data on show was much more revealing than Strava's location debacle - and we imagine it will now take steps to shore up any lingering issues regarding privacy.

'If your user profile is set to private, then your name/identity is not visible within Polar Flow'. Cross-checking one name and profile picture with social media confirmed one soldier or officer's identity. From a house not too far from that base, he started and finished many more runs on early Sunday mornings. A total of 650,000 exercise logs were discovered in the investigation. Hopefully this situation changes soon and for the moment the company's Explore API has been suspended.

The firm added that it had been aware that the potential existed for sensitive location data to appear in public information, saying that it had made a decision to temporarily suspend the Explore API, which allows users to share information about training sessions.

"We are analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing Global Positioning System files of sensitive locations", the statement reads.

Like this: