Global heatmaps, published by the San Francisco based social network for athletes, Strava, inadvertently revealed the locations of sensitive military installations around the globe last November, according to analysts. The company’s heat map collects information from its fitness tracking app, to create a global map of its user’s athletic activities around the world. It included trillion latitude and longitude points, according to The Verge.
Last week, analysts pointed out that by cross-referencing the heat map with the known locations of military bases, it is a relatively simple task to determine the movement of personnel, or even to determine the location of bases in combat zones using user data from the app.
Nathan Ruser, of the Institute for United Conflict Analysts, took to Twitter to call attention to how the app revealed regular jogging routes, patrols, and even the exact locations of forward operating bases in Afghanistan.
The data supplements information already available through publicly available satellite data and Google Maps, showing how frequently certain routes are used. This presents a possible security threat for military personnel. If the app is used with default privacy settings, the identities of individual personnel can even be uncovered.
The leaderboard for one route near an airbase in Afghanistan showed the full names of over 50 personnel who were stationed at the base, along with the date they ran that particular route.
A US Central Command spokesman, Air Force Colonel John Thomas, said officials are looking “into the implications of the map.”
“The Department of Defense takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required.”
For their part, Strava emphasized the personal responsibility of service members. According to a statement:
“Our global heatmap represents an aggregated and anonymised view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones…we are committed to helping people better understand our settings to give them control over what they share,”
Along with the statement, the company shared a blogpost from last year, outlining the ways users can increase their privacy using the app’s settings.
Military personnel are already not allowed to use mobile devices in sensitive areas, and last year were prohibited from installing the location based game Pokemon Go on government issued devices. Other warnings have cautioned personnel against using apps that track their location.