Running app Polar Flow exposes locations of spies and military personnel

Investigators say workout data can also be used to identify staff at classified facilities such as MI6 and White House

GCHQ is planning to expand from its current base in Cheltenham
Fitness maps tracked personnel at top-secret sites including the GCHQ intelligence facility in Cheltenham
(Image credit: Ben Birchall/AFP/Getty Images )

Fitness tracking app Polar Flow has been broadcasting the whereabouts of personnel at military bases and intelligence services across the globe, an investigation has revealed.

The app, developed by Finnish software firm Polar, allows anyone to access location maps in order to track users’ fitness activities. “For most users who set their activity tracking records to public, posting their workouts on Polar’s so-called Explore map is a feature and not a privacy issue,” says tech news site ZDNet.

However, researchers found that by tweaking Polar’s web address, even with profiles set to private it was possible to track 6,400 users exercising at top-secret facilities including MI6, the Government Communications Headquarters (GCHQ), the US National Security Agency (NSA) and the White House.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.


Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Investigators at Dutch news website De Correspondent and Leicester-based site Bellingcat were also able to identify the names of personnel at these sites, The Daily Telegraph reports.

Polar has acknowledged that the app’s public settings “could provide insight into potentially sensitive locations” and said it would temporarily disable activity maps.

However, the firm stressed that “there has been no breach of private data”.

“Currently, the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case,” the company said.

This is not the first time a fitness app has caused security concerns.

Popular activity tracker Strava came under fire in January after it emerged that widely available heat maps could be used to identify secret military locations.

The incident prompted the US military to review its policies on wearable smart devices and apps.

To continue reading this article...
Continue reading this article and get limited website access each month.
Get unlimited website access, exclusive newsletters plus much more.
Cancel or pause at any time.
Already a subscriber to The Week?
Not sure which email you used for your subscription? Contact us