USA TODAY US Edition

App map raises security concerns

Athletic network posts activity of 27M users

- Brett Molina

A fitness tracking app that posted a map with potentiall­y sensitive informatio­n about its users sparked concerns over how similar services protect personal data — and what users can do to protect themselves.

Strava is among several apps and devices like Fitbit that are part of the surging fitness tracker market. In most cases, the apps or devices keep tabs on the users’ basic health informatio­n such as steps taken, heart rate or sleep.

Some of those apps could collect more, such as calendar or contact informatio­n, depending on what permission­s they request, said Michelle De Mooy, director of the Privacy & Data Project at the Center for Democracy & Technology. “It’s important to dig into the settings of your phone or whatever device you’re using to see what has asked for access to these different types of data and whether or not you’re comfortabl­e with that,” she said.

Since 2015, Strava has published a global heat map detailing the activity of its 27 million global users. Strava describes itself as a “social network for those who strive,” aimed at athletes who want to track their jogging or cycling activity.

Security experts questioned whether the map could show not only the locations of military bases but specific routes most heavily traveled.

In a statement, Strava said the map doesn’t include data “marked as private.”

According to Strava’s privacy policy, informatio­n and content may be accessible to the public, depending on how accounts were set up. Strava and similar apps, including Runkeeper, are more social, allowing users to keep track of specific routes they use to run or bike.

Because it’s a social network, settings often default to public view instead of private.

Fitness trackers and apps have been criticized for vague privacy policies.

“It’s important to dig into the settings of your phone ... to see what has asked for access ... and whether or not you’re comfortabl­e with that.”

Two years ago, the Norwegian Consumer Council claimed that companies, including Fitbit and Garmin, collected more data than needed for their trackers and weren’t clear about how data are managed.

In 2016, Open Effect — a Canadian non-profit group focused on research into how personal data are handled — partnered with the Citizen Lab at the University of Toronto to analyze fitness tracker security. They found seven out of eight devices “emit persistent unique identifier­s that can expose their wearers to long-term tracking of their location” if the devices aren’t connected to a smartphone.

“These apps can track your location, and very often, these companies are disclosing sensitive location informatio­n to third parties without users’ knowledge or consent,” said Sam Lester, consumer privacy fellow at the Electronic Privacy Informatio­n Center.

Michelle De Mooy Privacy & Data Project

?? DAVID GOLDMAN/AP ?? U.S. soldiers run laps as part of their physical training in 2011 at Combat Outpost Monti in Afghanista­n.
DAVID GOLDMAN/AP U.S. soldiers run laps as part of their physical training in 2011 at Combat Outpost Monti in Afghanista­n.

Newspapers in English

Newspapers from United States