Fitness tracking app Polar Flow has been broadcasting the whereabouts of personnel at military bases and intelligence services across the globe, an investigation has revealed.
The app, developed by Finnish software firm Polar, allows anyone to access location maps in order to track users’ fitness activities. “For most users who set their activity tracking records to public, posting their workouts on Polar’s so-called Explore map is a feature and not a privacy issue,” says tech news site ZDNet.
However, researchers found that by tweaking Polar’s web address, even with profiles set to private it was possible to track 6,400 users exercising at top-secret facilities including MI6, the Government Communications Headquarters (GCHQ), the US National Security Agency (NSA) and the White House.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Investigators at Dutch news website De Correspondent and Leicester-based site Bellingcat were also able to identify the names of personnel at these sites, The Daily Telegraph reports.
Polar has acknowledged that the app’s public settings “could provide insight into potentially sensitive locations” and said it would temporarily disable activity maps.
However, the firm stressed that “there has been no breach of private data”.
“Currently, the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case,” the company said.
This is not the first time a fitness app has caused security concerns.
Popular activity tracker Strava came under fire in January after it emerged that widely available heat maps could be used to identify secret military locations.
The incident prompted the US military to review its policies on wearable smart devices and apps.
Create an account with the same email registered to your subscription to unlock access.