Polar products Photo courtesy Polar.
In addition to suspending the Polar Flow app's Explore function, Polar issued an online statement insisting it did not "leak" personal data, as app users must opt-in to publicly share mapped content.

Polar App Revealed the Locations and Personal Data of More Than 6,000 U.S. Military Personnel

Polar Electro Inc. is taking steps to address concerns raised over the ability of the company's Explore function on its Polar Flow app to reveal personal data and geographic locations of individuals.

Wearable technology company Polar Electro Inc., Kempele, Finland, on July 6 suspended the Explore function of its Polar Flow application after a group of Dutch journalists used the function to uncover the personal data and geographic locations of 6,460 U.S. military and security personnel.

In recent weeks, journalists from Dutch news sites De Correspondent and Bellingcat went public about their ongoing investigation into Polar's app.

Much like Strava and other physical activity-tracking applications, the Polar app has allowed users to create and publicly share geo-marked activity maps such as those for neighborhood running routes. In exploring these publicly shared routes, the journalists were able to learn additional information about app users going back to 2014.

"As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map," the July 8 Bellingcat article stated. "Users often use their full names in their profiles, accompanied by a profile picture — even if they did not connect their Facebook profile to their Polar account."

A July 18 report by The Washington Post confirmed that the journalists tracked the running histories of users stationed at military bases overseas, including Guantanamo Bay Naval Base and Camp Lemonnier in Djibouti, the primary base of operations for U.S. Africa Command in the Horn of Africa.

"Polar’s widely used fitness app endangers military personnel, intelligence operatives, and people who work at sites where nuclear weapons are stored. It’s dead simple to track down their names and addresses," the July 8 De Correspondent article stated.

In addition to suspending the app's Explore function, Polar issued an online statement after the journalists' investigation in which the company insisted it did not "leak" personal data.

"It is important to understand that Polar has not leaked any data, and there has been no breach of private data," the July 6 statement said. "Currently the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case. While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API."

Polar is "sensitively re-working" its Explore function, according to the statement, and it plans to take additional measures to remind app users to avoid publicly sharing sensitive GPS data. (When a Polar Flow account is created, activity mapping is set to private by default, meaning users must opt-in to publicly share content.)

De Correspondent estimated that the Polar app has approximately 30 million users and is particularly popular in Western Europe and the United States.

“This example demonstrates how important it is to be aware of all the consequences digital technology can have,” Dutch Minister of Defense Ank Bijleveld told De Correspondent. “Technology keeps making more and more things possible, but the flip side of that ability is adjusting our security and awareness to match.”

TAGS: Vendors
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish