The company Polar USA has suspended the information sharing feature on its popular fitness app, Polar Flow, after recent reports that military users had their personal information shared from sensitive military bases worldwide.
The heart-rate monitoring app allows users to share information about their running routes, but it's also sharing information such as the locations of their workplaces and homes on military bases, intelligence agencies, airfields and embassies around the world, according to a July 8 story on Bellingcat.com that details a joint investigation by Bellingcat and Dutch journalism platform De Correspondent.
Polar USA announced July 6 that it has suspended the Explorer feature in Flow after the firm learned it "could provide insight into potentially sensitive locations," according to a statement on its website.
"It is important to understand that Polar has not leaked any data, and there has been no breach of private data. Currently, the vast majority of Polar customers maintain the default private profiles and private sessions data settings, and are not affected in any way by this case," the statement reads.
"While the decision to opt-in and share training sessions and GPS location data is the choice and responsibility of the customer, we are aware that potentially sensitive locations are appearing in public data, and have made the decision to temporarily suspend the Explore API," the statement continues.
This is the second time this year that news has surfaced of an app inadvertently giving away locations and habits of U.S. service members. In January, it was reported that Strava, which uses GPS to provide route tracking for runners and bicyclists, was publishing an interactive map online that shared locations and movements of users, according to The Associated Press. The practice raised concerns about the security of military personnel on U.S. bases in sensitive areas.
U.S. military officials said Thursday they are aware of the "situation" with the Polar fitness app, but "DoD personnel receive annual training with guidelines for safe online information sharing," according to a statement from Army Maj. Audricia Harris, a spokeswoman for the Defense Department.
"This situation underscores the importance of safe online information sharing for our troops and their families, especially those who are deployed," according to the statement. "We have strict operational security requirements and guidelines in place for military personnel globally and are reviewing our existing training and guidance to determine if any additional actions are required to ensure the safety of our force."
The July 8 Bellingcat.com article reported that the investigation was able to obtain personal information from the Polar site on about 6,500 unique users exercising at more than 200 sensitive sites, "marking places they work, live, and go on vacation."
-- Matthew Cox can be reached at firstname.lastname@example.org.