Like many people today, you probably have a smartphone you carry around with you and among the many useful things it does is tell you your current location using GPS. This can be used to find out how to get to somewhere, keep track of traveled distance, use it for fitness, or some other thing via some app that comes preinstalled or you downloaded from the app store. Such apps tend to have a data collection policy which is often ignored or skimmed over by many people. When you are using the app, do you know whether your data is being collected and do you know how it is being used?
One of such apps, Strava, is used by athletes to keep track of their progress and share it among your friends and community. The way it works is described by Strava as “The way you ‘post’ in this network is by being active. Strava works with your mobile phone or favorite GPS device to track your activities and share your efforts with friends.” Such thing would entail uploading your GPS data, storing, and sharing it with the community. This is fine if you know what you signed up for, but some people are not aware of how the app works and how the data is being used.
Strava has a projects section where they talk about the various analytical aspects of the data they collect and what can be found out by examining it. One of those projects is a global heatmap of all the mapped locations and data of their users. It’s an interesting project, but this and Stravas overall exposure of data does come with some consequences. Such one of these consequences is when Strava recently made headlines as it was found out that it is possible to find and see details of military bases due to soldiers using the app.
Using the heatmap, people have located and shared locations of military bases, in which it can be possible to see the internal layouts of. According to The British daily newspaper, theguardian, locations include and are not limited to US base Camp Lemonnier, US Naval Expeditionary Base, a CIA “black site”, headquarters of GCHQ, in Cheltenham, England, and CIA headquarters in Langley, Virginia. This data is the not the only thing the app exposes. Theguardian, says “The leaderboard for one 600m stretch outside an airbase in Afghanistan, for instance, reveals the full names of more than 50 service members who were stationed there, and the date they ran that stretch.”
Following this scandal, Strava made a statement saying, “We take the safety of our community seriously and are committed to working with military and government officials to address sensitive areas that might appear”, and they also took action by advising military personnel to opt out of data collection. While militaries have policies prohibiting cellular or wifi, photographic, video capture/recording, microphone, or audio recording capabilities, there are no policies regarding bluetooth and GPS, and no policies regarding uploading such information. As these issues become more apparent, according to theguardian, “militaries around the world are contemplating bans on fitness trackers to prevent future breaches”.
– Alex Baraker