Skip to main content

Polar Fitness App Accidentally Maps Locations of Military Bases, Nuclear Warehouses

Here's a question for philosophers: If someone goes for a run without logging it in a fitness app, did they exercise? The number of fitness trackers on the market, from Strava and Runkeeper to many others, suggests that the answer is no. But a fitness app called Polar has inadvertently revealed more than the answer to that philosophical question; it's also leaked the locations of military bases and other secret areas.

Polar, like many other fitness apps, lets users log a map of their run. You can also make the maps publicly available so other people can see where you're hitting the pavement. The problem, as De Correspondent and Bellingcat discovered this week, is that someone can use these maps to learn more about your life than you may have wanted.

De Correspondent and Bellingcat were able to track 6,460 people across 69 nationalities through Polar's activity map. Using the map, the publications also found 200 sensitive locations: 125 military bases, 48 nuclear weapon storage facilities, 18 intelligence agencies, a smattering of drone bases, embassies, nuclear power plants and royal residencies and a police academy.

Worse still is people could use Polar to learn individuals' exact addresses with little more than Google Maps' Street View feature. All you need is Polar's activity map and access to a computer. "Anyone with a basic understanding of computers and some common sense," De Correspondent summarized, "can find this information."

Polar told De Correspondent that less than two percent of its users have publicly available logs. The company also released a statement on its website:

"It is important to understand that Polar has not leaked any data, and there has been no breach of private data. Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings and are not affected in any way by this case. While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API."

  • Co BIY
    This story was out months ago. The data did publicly reveal for the first time the location of a US military base in Syria. Because unthinking staff thought it was more important to brag about their fitness program and lost perspective about what they are actually doing.

    "Loose lips sink ships." - some lessons have to be relearned constantly.
    Reply
  • DotNetMaster777
    Fitness App follow for us !
    Reply
  • SkyBill40
    Translation: "Yeah, hardly anyone uses the public logging to show their runs... but it's out there for anyone with a computer and common sense to find and that's not our fault at all. Oh, and it's totally cool that we know where these places are even if they weren't public."
    Reply
  • t.s.wiacek
    - *knock knock*
    - Who's there? - asks Polar CEO
    - CIA, NSA, MP,...
    Reply
  • Kahless01
    why would the polar ceo be in trouble? these features are turned off by default. these morons turned them on and shared their locations to the world. if anything the users should all be thrown in prison for negligence.
    Reply
  • Olle P
    Seems very much like a non issue to me.
    The general location (outer parameters) of mentioned facilities should more often than not be public knowledge and easy to find for anybody interested.
    Exact details of the facility are not revealed unless the "target" is the individual doing the exercise.
    Reply
  • Zaporro
    1st of all, shame on TOM, again, for reposting a "news" story from several months ago.

    2nd its not just about location of these places, if some guard or person patrolling the location has this app running (knowingly or not) a person viewing past "runs" can identify patrol routes, often outside locations and look for blind spots in security
    Reply