A few days back, the maker of the GPS-based fitness app Strava came under the spotlight for revealing the location of secret military bases. Following the backlash, the company's CEO penned an open letter to the community, asking users to read about their privacy options and update their settings.
Now, according to Wandera, a UK-based mobile security and data management firm, Strava’s privacy settings are not really effective at all. Dan Cuddeford, Wandera’s director of systems engineering, found a major flaw in Strava’s Privacy Zones feature.
Strava’s Privacy Zones feature lets you keep tracking your movements while designating areas where you don’t want your information to be made public. However, Cuddeford ran a quick test and used simple math to triangulate the private zones, as well as the places where a particular user might work, live, etc.
On a more interesting note, Cuddeford pointed out that they had reached out to Strava about this flaw back in June 2017. For some reason, Strava decided to overlook this and ignore the findings.
According to Strava’s spokesperson, who spoke to The Verge, the company’s team “has been working to augment and improve privacy options well before we were contacted by this company and others, we appreciate their interest in our platform. In the coming weeks, Strava will be rolling out more privacy options for users.”
Alarming as this is, it isn’t the first time that security researchers have triangulated the location of mobile app users. Back in 2014, a security firm called IncludeSecurity did something similar to find a Tinder user’s location. Luckily, Tinder was quick to address and resolve the issue.
Although Strava has promised to roll out an update to fix the issue and further improve privacy, it is always good to be aware that GPS-based social apps are constantly using your data, and that you must be very careful with any and all of the apps you use.