Polar’s Flow app exposes sensitive information that can be used to work out where people live and work.
 
The news: A report from De Correspondent and Bellingcat, which conducts online investigations, has shown how data from Polar’s app can be used to reveal the identity of military and security personnel, and also their home or workplace addresses.
 
Track changes: By looking at exercise routes shared by Polar users and combining these with data from online searches, investigators identified the names and home addresses of some people working for intelligence agencies in the Netherlands, the US, and other countries, as well as the names and whereabouts of military personnel at bases in regions like the Middle East and Africa. They also managed to identify people who worked at nuclear facilities, maximum-security prisons, and other locations.
 
Untrack changes: Polar has taken its activity-tracking map offline and has published a statement stressing that the default setting on tracking in its app is private, and that people chose to share their exercise routes publicly.
 
Why this matters: Terrorists and other bad guys could use data from fitness apps to target individuals and spot secret facilities. That risk was highlighted earlier this year by researchers using public mapping data from Strava, another social fitness app. The Polar case shows it’s still not being taken seriously enough.