Polar Flow: Fitness app identifies spies
In thrillers it’s normally sophisticated tracking software and tools that are used to flushing out spies or tracking people of interest. In the real world it’s unintentional privacy issues like the one in the Polar Flow fitness app … and you don’t even need a “License to Kill” in order to use them.
Fitness trackers are very useful and a lot of people utilize them to track their progress when it comes to workouts, heart rate, training route, etc. If you are really into it, you normally can also exchange and compare the routes you run with your friends and the world.
Polar Flow’s Explore Map reveals who you are and where you live
Showing off how sporty you are is one of the key features of most fitness apps – but only if done voluntarily. A free for all on your profile including your training routes is too much though.
This is exactly what happened with Polar, a Finnish-based fitness tracking company. Thanks to a feature called “Explore Map” every users’ route could be tracked for the time-span in which the profile was not set to “private”.
Over 6,500 people across 69 countries were identified
According to Bellingcat it was really easy to do so: “Find a military base, select an exercise published there to identify the attached profile, and see where else this person has exercised. As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map. Users often use their full names in their profiles, accompanied by a profile picture — even if they did not connect their Facebook profile to their Polar account.”
Thanks to the above issue the investigators were able to identify:
- Military personnel exercising at bases known, or strongly suspected, to host nuclear weapons.
- Individuals exercising at intelligence agencies, as well as embassies, their homes, and other locations.
- Persons working at the FBI and NSA.
- Military personnel specialized in Cyber Security, IT, Missile Defense, Intelligence and other sensitive domains.
- Persons serving on submarines, exercising at a submarine base.
- Individuals both from management and security working at nuclear power plants.
- A CEO of a manufacturing company, exercising in locations all over the world.
- Americans in the Green Zone in Baghdad.
- Russian soldiers in Crimea.
- Military personnel at Guantanamo Bay.
- Troops stationed near the North Korean border.
- Airmen involved in the battle against the Islamic State.
Overall this included nearly 6,500 people across 69 countries.
Polar has since removed the map and set all users to “private”.
This article is also available in: German