Runners and cycling enthusiasts who are frequent users of the popular Strava fitness app may be leaving their location data exposed.
Strava records your runs and bicycle rides and also creates competitions between you and other users who frequent the same routes. Using the app’s Heatmap feature, researchers at North Carolina State University(Opens in a new window) were able to predict user locations with roughly 37.5% accuracy.
The Heatmap feature, added in 2015, lets you see a visual representation of the most popular running and biking routes for other Strava users. This can be especially useful if you’re running or biking in a new location for the first time. More active users who frequently use the app on the same routes produce more “heat” on the map and are more easily identified than casual users or those who switch up their routes more often.
Hide your starting and ending address via the app’s privacy controls.
As Bleeping Computer reports(Opens in a new window), NCSU researchers collected data from Strava heatmaps in Arkansas, Ohio, and North Carolina for a month, and overlayed heatmap images with images from OpenStreetMaps, a free geographic database. The study concluded that identifying users’ home addresses on heatmaps is feasible, mainly because users provide their full names and profile images in the app.
But before you uninstall Strava, you have a few options to help keep your location data safe. For starters, if you don’t want to contribute to the app’s heatmap, toggle off the Aggregated Data Usage control(Opens in a new window), which excludes all activities, or make Activity Visibility(Opens in a new window) private. Another option is to hide the area around your activities’ start and end points by up to 1 mile via the app’s privacy controls listed in the settings menu.
Recommended by Our Editors
In a statement, Strava tells Bleeping Computer that it only produces a heatmap in areas where “multiple people have completed an activity,” and urges those who do not want to contribute to a heatmap to toggle the function off in the app.
Whatever you decide, it’s always wise to be mindful when using apps that ask for personal information. Features such as Strava’s Heatmap provide a helpful tool for fitness aficionados who like to share and compete with one another, but they may not be the only ones watching.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.