Polar’s popular fitness app inadvertently revealed military personnel’s addresses

Just six months after competing fitness tracking company Strava came under fire for revealing the location of US military bases, Finnish wearable company Polar has experienced similar privacy concerns and has suspended its 'Explore' service as a result.

Polar is the manufacturer of such popular running watches as the Polar M200 and M400, as well as fitness-oriented smart watches like the Polar M430 and M600, while its Polar Flow app is used to organize and view user data. 

The Explore component of Polar Flow was intended to show anonymous data on its users and their activities around the globe, displaying it in a similar fashion to the activity map that was responsible for Strava’s woes earlier in the year.

Breaking the ice

A joint investigation by De Correspondent and Bellingcat has revealed that it was possible to discover the locations of secret military sites around the globe from the data found via the Explore function.

However, with enough digging, Polar’s tracking info also exposes its users’ names and home addresses. The aforementioned investigators managed to find details on 6,460 users across 69 nationalities that include “military personnel, intelligence operatives, and people who work at sites where nuclear weapons are stored”.

For users signed up to this service, Explore has tracked every activity since 2014 and, considering this wealth of data, it was apparently relatively easy to determine details like a user’s home address and the perimeter of a military base that doubles as a jogging route.

Frozen app

Polar has issued a statement addressing the security loophole, clarifying that there has been no leak or breach of private data, and has apologized for the suspension of its Explore feature.

“We are analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing GPS files of sensitive locations,” the statement reads.

If you’re a Polar user and aren’t keen on having your own data out there for the world to see, make sure you have your profile marked as private (which, thankfully, is the default setting). This will also stop the service from sharing your information with third-party apps such as Facebook.

Harry Domanski
Harry is an Australian Journalist for TechRadar with an ear to the ground for future tech, and the other in front of a vintage amplifier. He likes stories told in charming ways, and content consumed through massive screens. He also likes to get his hands dirty with the ethics of the tech.