Polar fitness app exposed location of soldiers and government agents

Desiree Burns
July 9, 2018

Polar's fitness app had security flaws exposing the location data of its users, according to a joint investigation from De Correspondent and Bellingcat.

Over the weekend, media outlets De Correspondent and Bellingcat reported that they were able to uncover the names of more than 6,400 military and intelligence agency personnel in many countries - simply by looking up their fitness activities in Polar's insecure app.

This included the location details of soldiers and secret agents.

The firm added that it had been aware that the potential existed for sensitive location data to appear in public information, saying that it had made a decision to temporarily suspend the Explore API, which allows users to share information about training sessions.

Just six months after competing fitness tracking company Strava came under fire for revealing the location of US military bases, Finnish wearable company Polar has experienced similar privacy concerns and has suspended its "Explore" service as a result.

Fitness gadget company Polar offers a range of heart rate monitors, fitness trackers, and GPS sports watches. Someone exercising on a military base therefore reveals not only where the base is but also where they live, because fitness trackers are typically turned off when entering a home and turned back on when leaving it several hours later (usually overnight).

Among them are United States troops in Iraq, Syria, Guantanamo Bay, those deployed to the demilitarized zone separating the two Koreas, staffers at the Federal Bureau of Investigation and NSA, military intelligence and cyber security specialists and many others stationed at bases in Africa, South Asia and the Middle East. The security concerns arose from the fact that anyone could use the map to find sensitive installations and see if any users' workouts end at these locations. Users often use their full names in their profiles, accompanied by a profile picture - even if they did not connect their Facebook profile to their Polar account.

Nevertheless, Polar said it has temporarily suspended the Explore API.

"Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case", it said.

Making your data really private on Polar Flow used to require a number of non-obvious steps, which most users apparently either didn't know about or didn't bother with.

While the app has been most popular in the West, investigators claimed they managed to unearth the identities and home addresses of the Russian military in Crimea.
