Strava's fitness tracking map reveals sensitive information about U.S. troops and foreign bases

The Pentagon has been interested in fitness trackers since it distributed Fitbits to U.S. troops in 2013. Unfortunately, now they will have a different concern as online fitness tracking has created a global map filled with potentially damaging and sensitive information about U.S. installations abroad. What started as a tool to help users get fit and stay fit has become a matter of national security.

At least that's what international security analyst and expert Tobias Schneider thinks. The Washington Post reports that Strava's Global Heatmap, an aggregate worldwide map of where and how we use our fitness trackers, includes information from U.S. troops stationed in the Middle East in sensitive installations.

The Global Heatmap was published in 2017, but the security oversight was only recently noticed. Now that it's come to light (pardon the pun) people are zooming in to see if they can pinpoint places the Pentagon freely admits exist, but aren't anything it likes to publicize. Especially when it comes to the exact location.

Many people wear their fitness trackers all day long to measure their total step counts, and soldiers appear to be no exception, meaning the maps reveal far more than just their exercise habits.Lines of activity extending out of bases and back may indicate patrol routes. The map of Afghanistan appears as a spider web of lines connecting bases, showing supply routes, as does northeast Syria, where the United States maintains a network of mostly unpublicized bases. Concentrations of light inside a base may indicate where troops live, eat or work, suggesting possible targets for enemies.

Strava, a popular app for runners and cyclers alike, is available for many fitness devices, including Fitbit, Android Wear, and Samsung's Galaxy Gear. The 2017 map doesn't show any live data, but the information available provides what would normally be classified data for anyone too see. Including the site of a U.S. base that is yet to be announced.

At a site in northern Syria near a dam, where analysts have suspected the U.S. military is building a base, the map shows a small blob of activity accompanied by an intense line along the nearby dam, suggesting that the personnel at the site jog regularly along the dam

Not only U.S. sites have been exposed through the map, as suspected Russian and Syrian bases are visible, too. Interestingly enough, no Iranian bases are seen. Security experts say this suggests they "either don't use fitness trackers or prudently turn them off." This is an important minor detail — users are told about how their activity is tracked and given an easy option to shut down any sending of fitness data. Enough users to give a clear picture of sites the Pentagon would rather not be publicized aren't doing it. I imagine that has come to a sudden halt.

Read the fine print on every app you download and install, folks.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.