The fitness app’s Global Heat Map has accidentally given away the locations of secret military bases and supply routes
Armed forces reassess security after Strava app reveals troop locations
Militaries across the world are being forced to look into their security policies after the Strava app accidentally gave away the locations of secret bases and supply routes.
The fitness app, which can be used on devices such as smartphones and Fitbits to record and share exercise routes, upgraded its software in November last year to include a Global Heat Map which shows every single activity ever uploaded to Strava in a data visualisation map.
The heat map shows more than three trillion individual GPS data points and one billion activities ever uploaded to Strava.
However, analysts realised at the weekend that the map could also be used to pinpoint military bases and patrol routes as Strava is very popular with active military personnel.
Twitter users such as analyst Nathan Ruser, from the Institute for United Conflict Analysts, began uploading images of the heat map, which showed clearly identifiable locations of bases or soldier activity in places such as Syria, Iraq, Afghanistan, Mali and disputed territory in the South China Sea.
The revelation has caused alarm for the Australian military, who said devices record or transmit should be left at home when soldiers are deployed overseas.
Australia Defence Association spokesman Neil James said it was becoming more of a challenge to stop security breaches.
“In world war II, all you had to do was censor peoples’ letters so they didn’t inadvertently tell someone at home something they shouldn’t,” he told Australia’s Associated Press.
The US military is also examining the situation, the Washington Post reported.
Adrian Weale, a former military intelligence officer, told The National it was the UK’s policy for British troops to hand over GPS-enabled smartphones before they went into theatre.
“The big issue for us in the Middle East was that there were various interested parties capable of intercepting GPS-enabled devices as the stuff was not encrypted or there was not particularly deep encryption,” said Mr Weale, who was in Afghanistan in 2016.
“There will be a rapid rethink of people who do allow or were being relaxed about service personnel taking GPS into theatre.
“It’s not in anybody’s interest. It’s all very well mapping a run on GPS, but if you’re going to be attacked I don’t imagine anyone will be wanting that.”
In response to the security breach row, Strava has told users they can upgrade their privacy settings to avoid sharing data about their location.
The company said in a statement: “Our global heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones,” with a link to a blogpost from 2017 which showed how users can improve their privacy settings, including by opting out of the global heat map.
“We are committed to helping people better understand our settings to give them control over what they share.”
“We take the safety of our community seriously and are committed to working with military and government officials to address sensitive areas that might appear,” Strava added.