Mobile fitness app Polar has suspended its location tracking feature after security researchers found it had revealed major sensitive data on military and intelligence personnel from 69 countries.
The revelation on the application from Finnish-based app Polar Flow comes months after another health app, Strava, was found to have shown potentially sensitive information about the US and allied forces around the world.
Security researchers in the Netherlands said Sunday they were able to find data on some 6,000 people including military personnel from dozens of countries and employees of the FBI and NSA.
The disclosure illustrates the potential security risks of using fitness apps which can track a person’s location, and which may be “scraped” for espionage.
“With only a few clicks, a high-ranking officer of an airbase known to host nuclear weapons can be found jogging across the compound in the morning,” security researcher Foeke Postma said in a blog post-Sunday after an investigation with the Dutch news organization De Correspondent.
“We can find Western military personnel in Afghanistan through the Polar site. Cross-checking one name and profile picture with social media confirmed one soldier or officer’s identity.”
The investigation found detailed personal information, including home addresses, of military personnel, persons serving on submarines, Americans in the Green Zone in Baghdad and Russian soldiers in Crimea, the researchers said.
Polar said in a statement it was suspending the app’s feature that allowed users to share data while noting that any data made public was the result of users who opted into location tracking.
“It is important to understand that Polar has not leaked any data, and there has been no breach of private data,” the statement said.
It said the location tracking feature “is used by thousands of athletes daily all over the world to share and celebrate amazing training sessions.”
According to De Correspondent, only about two percent of Polar users chose to share their data, but that nonetheless allowed anyone to discover potentially sensitive data from military or civilian personnel.
“We found the names and addresses of personnel at military bases including Guantanamo Bay in Cuba, Arbil in Iraq, Gao in Mali, and bases in Afghanistan, Saudi Arabia, Qatar, Chad, and South Korea,” the report said.
In January, the Pentagon said it was reviewing its policies on military personnel use of fitness application after Strava’s map showed a series of military bases in Iraq as well as sites in Afghanistan.