Fitness trackers have become so common that people strap them on with no worry or concern. After all, they’re not like smartphones or even smartwatches with tons of features and apps that could be harvesting your data. Unfortunately, fitness trackers themselves and their official apps can actually be gold mines of information. Worse, they can actually pose security risks not just for individuals but for countries as well as services like Polar expose secret places and the people that go to and fro those bases.
It has almost become expected for serious fitness trackers to have GPS functionality. While not absolutely critical to counting stats like steps, heart rate, etc, location tracking has become a useful metric of a user’s performance and past activities. Unfortunately, some fitness tracking services have been found to be too generous with such user data.
Earlier this year, fitness app Strava was reported to have accidentally and indirectly revealed the location of military bases, including secret ones, by providing “heat maps” of users’ runs. Now investigative website Bellingcat reports that Polar, who makes its own fitness trackers and app, has done the same but in an even worse way. It has made it too easy for almost anyone with enough hacking skills to find users, see their runs and walks, determine base locations, and even the users’ homes. It is a security nightmare on both personal and national levels.
Part of the problem lies in the habit of users that would unwittingly use very identifiable names and information with little thought for consequences. Or having well-known habits, like turning off their trackers at home, which easily mark out such places. Of course, bulk of the blame also lies on service providers like Polar who share everything publicly by default and make it too easy to scrape information off their servers.
Polar has reportedly already taken actions to protect the privacy of its users, but hopefully it’s not too late. The US military has been reviewing its rules on the use of wearable devices, but that doesn’t cover civilians entering or leaving bases. Suffice it to say, it’s not looking good for fitness tracker business when it comes to use by military, or even government, personnel.