Published: Wed, July 11, 2018
Health Care | By Cedric Leonard

Fitness app Polar Flow, exposed sensitive locations and home addresses, says report

Fitness app Polar Flow, exposed sensitive locations and home addresses, says report

Now, according to Foeke Postma of Bellingcat, it seems that Polar - fellow fitness company and maker of the first wireless heart rate monitor for athletes - is revealing similarly sensitive data an an even more risky and accessible way. But it's still not a great look for the Finnish company - especially when you consider the data on show was much more revealing than Strava's location debacle - and we imagine it will now take steps to shore up any lingering issues regarding privacy. "For most users who set their activity tracking records to public, posting their workouts on Polar's so-called Explore map is a feature and not a privacy issue", says tech news site ZDNet.

Just six months after competing fitness tracking company Strava came under fire for revealing the location of USA military bases, Finnish wearable company Polar has experienced similar privacy concerns and has suspended its "Explore" service as a result.

By showing all the sessions of an individual combined onto a single map, Polar is not only revealing the heart rates, routes, dates, time, duration, and pace of exercises carried out by individuals at military sites, but also revealing the same information from what are likely their homes as well. It said in a statement that it has shut access to the Explore API while it analyzes "the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing Global Positioning System files of sensitive locations". That's partly because people often turn their fitness trackers on or off when they're close to home, unwittingly revealing where they live.

With the United States military continuing to review its rules on using wearable devices for its personnel in light of both Strava and Polar revelations, the fitness tracker industry will also have to look at things they can do to protect not just these military personnel but also the privacy of normal individuals.

"We found the names and addresses of personnel at military bases including Guantánamo Bay in Cuba, Erbil in Iraq, Gao in Mali, and bases in Afghanistan, Saudi Arabia, Qatar, Chad, and South Korea".

We also learned the names and addresses of personnel at nuclear storage facilities, maximum security prisons, military airports where nuclear weapons are stored, and drone bases.

France progress to World Cup final with 1-0 win over Belgium
After praising his players for their performances in reaching the final, Deschamps was asked about his own contribution. The victor will play the victor of England-Croatia in the World Cup Final this weekend.


However, the investigation claims that despite many users making their profiles private it was able to find user details due to "an oversight in the Polar app".

It has denied that any private data was leaked.

Polar is not the only app doing this, but the difference between it and other popular fitness platforms, such as Strava or Garmin, is that these other sites require you to navigate to a specific person to view separate instances of his or her sessions, each exercise having its own small map.

"As always, check your app-permissions, try to anonymize your online presence, and, if you still insist on tracking your activities, start and end sessions in a public space, not at your front door".

"It is important to understand that Polar has not leaked any data, and there has been no breach of private data", the statement said.

And as this comment, and a further Polar statement, suggests, this is a little different to the Strava episode, in which data wasn't automatically set to private.

Like this: