Strava has become a very popular app for tracking sports activities and workout plans. Especially during the COVID-19 pandemic, it has become a widely used tool that has at least partially replaced gyms and provided a way to connect with friends—even if only online—and achieve fitness goals. Currently, over 100 million people worldwide use the app. The app offers a truly wide range of different sports and the ability to track activities and share them with friends. However, over time, it has become clear how this can be misused.
A popular feature of the Strava app is the ability to track your activity, whether you’re running, walking, or biking. Users can then share the activity they’ve tracked with their group and compare their results. Another feature Strava offers is the “Heatmap.” With this feature, you can track your movements in your current location and share them anonymously with other users. Its main purpose is to track popular spots if you want to meet people with similar interests to yours—or, conversely, to explore places that almost no one visits. This feature seemed very useful—until researchers at the University of North Carolina decided to take a closer look at it.
Three experts from the university believed that this feature could be used to track down your home address. The process itself began by hacking the app and then using data from the “Heatmap” feature. They focused on routes along sidewalks, where houses were most likely to be located. Since people most often start and stop Strava while still at home or in front of their house, these routes always begin and end at the exact home address. They then combined this data with a real-world map and were able to assign exact addresses to the locations. The more active a person was on Strava and the more activities they logged, the easier it was to pinpoint the exact address. They were able to achieve this level of accuracy in approximately 38% of cases.
There are several ways to avoid this type of data sharing. You can turn off the “Heatmap” feature entirely or avoid starting such tracking right at home or in its immediate vicinity. Another option is to change your profile from public to private in the settings, which will prevent access by strangers. The researchers have also proposed that Strava itself create a “discreet zone” in a selected area where this data will not be displayed.
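One way such a “discreet zone” could work, shown as an added example that is not Strava's or the researchers' code: every point within a chosen radius of a protected location is dropped before an activity is shared. The function names, the 200 m radius and the coordinates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def apply_discreet_zone(track, zone_center, radius_m):
    """Drop every point inside the zone and split the track where it was cut.

    Returns a list of segments (lists of points). Splitting matters: if the
    remaining points stayed in one list, a map renderer would draw a straight
    line across the hidden area and the route through it would still show.
    """
    segments, current = [], []
    for point in track:
        if haversine_m(point, zone_center) <= radius_m:
            if current:               # entering the zone: close the segment
                segments.append(current)
                current = []
        else:
            current.append(point)
    if current:
        segments.append(current)
    return segments


# Constructed sample: a walk that starts at "home", heads north and returns.
HOME = (50.0000, 14.0000)             # constructed coordinates
SAMPLE_TRACK = [(50.0000 + 0.0005 * i, 14.0000) for i in range(11)]
SAMPLE_TRACK += SAMPLE_TRACK[-2::-1]  # walk back along the same line

if __name__ == "__main__":
    for seg in apply_discreet_zone(SAMPLE_TRACK, HOME, radius_m=200):
        print(len(seg), "points shared, from", seg[0], "to", seg[-1])
```

With the sample walk, the start and end of the activity near home are removed and only the middle of the route remains to be shared.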
The app’s developers themselves have addressed these concerns regarding data leaks, stating that every user has control over their privacy and has consented to sharing. If a user does not want the “Heatmap” feature to track their movements, they can opt out at any time.
An interesting case related to the “Heatmap” feature involved the tracking of movements in places where you really wouldn’t expect it, such as remote locations in Afghanistan or Syria. It was later discovered that these were locations of secret bases where soldiers using this app were stationed. This made it all too easy to reveal the locations of bases that were supposed to be strictly classified. Since this could pose a very serious problem, soldiers stationed at these bases are strictly prohibited from carrying any devices with them.