Polar Suspends Flow Explore Feature after Privacy Snafu

A popular fitness app developer has been forced to suspend one of its core services after reporters found a method to track any location and get the identification of thousands of military staff.

Finnish company Polar release a variety of devices and the Polar Flow app that can be able to allow users to create their private profiles.

Although, as per the report of the Dutch media and UK site Bellingcat, an API error has exposed the fitness activities of private users all the way back to 2014.

Based on the map, it was simple from the information to spot that where the user was doing exercise and where they lived currently.

Because of that, over 6400 users were identified in some locations that are MI6, the White House, the NSA. Besides this, the military bases are also including Bagram Airfield in Afghanistan in these locations.

On Friday, Polar responded by suspending the Flow Explore feature, and step-in-aid of the execution for corrective actions.

The firm explained that the issue stemmed from users that had run both public and private sessions on the app. It could be linked by the user peerless User Identifier (UID).

It continued that, by using this identifying UID app, it was possible to receive users public training sessions by altering the search parameters in the browser.

After doing this, the training sessions will belong to a private profile that could be able to link with each other. These training sessions that have not been set to public by the user that is not shown publicly.

Various public training sessions are always started and end in the same place, so now, it is possible to infer the essential points of interests that are linked to the user.

This same trick also worked the other way round: the first one is to find sessions in a particular location and then search for these users’ other training sessions.

It was especially unfortunate, for example, it is fine for military staff and intelligence agents.

The discovery comes just in few months after fitness app Strava was found to be revealing potentially private information about military bases. It is able to transfer routes with the help of its global heat-map website.

Leave a Reply