With so many people carrying a smartphone that can track their location using GPS, more app makers are taking advantage of the feature. Fitness-tracking app Strava is one of them, but in doing so, it’s revealing the locations of military bases around the world, along with the routines of their staff.
The company’s publicly available heatmap shows every activity that has ever been uploaded to Strava by its users. The company says it gives “a direct visualization of Strava’s global network of athletes,” showing the running routes and the worldwide locations of where people work out.
But the map does have a potential security issue. As pointed out on Twitter by Nathan Ruser, a member of the Institute for United Conflict Analysts, it reveals data about personal stationed at military bases in places like Afghanistan, Somalia, Syria, and even Area 51.
Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://t.co/hA6jcxfBQI … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable pic.twitter.com/rBgGnOzasq— Nathan Ruser (@Nrg8000) January 27, 2018
While the placement of many of these bases is known through Google Maps, satellite images, and via local sources, the data gives away sensitive information such as the location of living quarters, staff movements within the walls, training routes, and patrolled areas. One large base, which isn’t visible on satellite images, can be seen on the Strava map.
As the app is popular among Western soldiers, there are hotspot areas at bases in the Middle East.
The app also shows a UK RAF base in the Falklands and a French base in Niger. It even shows activity at a Russian base in Syria.
“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous,” Ruser said. "I thought the best way to deal with it is to make the vulnerabilities known so they can be fixed," he added.
Strava points out that users can disable location sharing, but it’s possible that not everyone knows about the setting. The company said the data was anonymous, and it "excludes activities that have been marked as private and user-defined privacy zones."
Speaking to The Washington Post, Air Force Colonel John Thomas, a spokesperson for the US Central Command, said the military was examining “the implications of the map.”