Running app ‘Strava’ inadvertently gives away secret military base locations

Strava, a fitness tracking company, has recently been found to have inadvertently revealed sensitive information pertaining to the location and staffing of military bases and spy outposts around the world. The Strava app allows its users to show off their running and cycling routes to others around the world, acting like a social network of sorts for fitness minded individuals. The details were released by Strava in a data visualization heat map that tracks and shows all the activity of its users. While the app allows for privacy control options, the company has been criticized for not making it entirely clear on how to do so. It had been found that one of the “enhanced privacy” options did not provide as much security as users were led to believe.

The particular map that was released in November 2017 shows every single activity ever uploaded by Strava users, which totaled more than 3 trillion individual GPS data points. Since the app can be used on a number of devices, including smartphones and activity trackers like the Apple Watch and Fitbit, it was widely adopted by users. The GPS routes allowed users to see popular running routes in major cities, or even see other individuals who were exercising in remote locations to pick up unusual exercise patterns.

While this sounds like a cool idea for merging the idea of a social network with fitness, military analysts discovered otherwise. The person who shed light on the potential security risk of this app was Nathan Ruser, a 20-year old Australian student and analyst for the Institute for United Conflict Analysts. In a tweet, he stated “It looks very pretty, but not amazing for Op-Sec [Operational Security]. US Bases are clearly identifiable and mappable.” It was also noted that the map displayed military personnel on active duty, some of which in locations that were meant to be classified. For example, active military personnel in places like Afghanistan and Syria have been seen as users on the app. When they go for a run using the app, their running routes clearly outline the military base which they’re stationed on. Some of these base locations are supposed to be classified and regarded as sensitive information.

Pentagon spokeswoman Harris said “…operational security requirements provide further guidance for military personnel supporting operations around the world. Recent data releases emphasize the need for situational awareness when members of the military share personal information.” The US Department of Defense has said that all DoD personnel are recommended to limit their public profiles on all internet sites, especially social media.

In a statement to CNN, a spokesperson for US Central Command said, “”The coalition is in the process of implementing refined guidance on privacy settings for wireless technologies and applications, and such technologies are forbidden at certain coalition sites and during certain activities. We will not divulge specific tactics, techniques and procedures.” He went on to add that US Central Command maintains “confidence in our commanders’ abilities to enforce established policies that enhance force protection and operational security with the least impact to our personnel.”