Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Daily Mirror
Daily Mirror
Technology
Stefan Mieszek

Strava users urged to check their settings now as worrying loophole discovered in popular fitness app

Although popular social fitness app, Strava, takes steps to anonymous users' data, a new paper from researchers at NC State University claims that information such as home addresses might be vulnerable to leaks. The paper claims to raise "significant privacy concerns", particularly in relation to the Heatmap feature.

Strava claims that the heatmap features only use generic data, aggregated from a wider pool of information in order to make it impossible to get specifics about any particular user. The researchers, however, seem to have found a loophole.

It turns out it's possible to look up specific Strava users in a given area, provided they've shared "city-level information" on their profiles. Ill-intentioned users can also look at the generic data in the heatmap to work out where routes are likely to start and finish.

Anupam Das, senior author of the paper, states: “In a densely populated area, with lots of routes and lots of users, there is so much data that it would be extremely difficult to track any specific person. However, in areas where there are few users and/or few routes, it becomes a simple process of elimination – particularly if the person someone is looking for is a highly active Strava user."

As an additional concern, Das notes that users who have marked their accounts as private still show up when anyone searches for a list of all the users in a given area, meaning "marking an account private doesn’t necessarily provide additional protection against this tracking technique."

The Researchers reached out to Strava about this concern, and were told that Strava "does not share heatmap data unless several users are active in a given area".

That said, Kevin Childs, first author of the paper pointed out that they were still able to work out the home addresses of some users using the heatmap, which they then confirmed using voter registration data.

This revelation has caused huge concern among the Strava community, particularly in relation to people who might be trying to protect themselves from stalkers.

Luckily, users can prevent this risk by opting out of the "aggregated data usage" feature, which can be found in the Strava account settings. This will remove all of your data from the heatmap, and prevent any of them from being used in the future.

We reached out to Strava for comment but did not receive a response.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.