[ skip to content ]

Do Popular Fitness Apps Used by Service Members Risk U.S. Security?

By Betsy Hnath

A recent Washington Post article highlighted concerns regarding the vulnerability of U.S. military personnel due to fitness tracking apps.

According to reports, by posting a "heat map" online, the fitness-tracking company Strava detailed the location activities of users, inadvertently including U.S. military bases in areas like Afghanistan and Iraq.

Though experts have been vocal in their warnings, the Post report brings tracking app privacy concerns back to the forefront.

Old Dominion University's Michael Wu, director for the Center for Cybersecurity Education and Research, says he isn't surprised that the military is concerned that sensitive information might be relayed by fitness-tracking apps.

"The fitness apps usually use GPS and motion sensor data to track users," said Wu. "If the phone or app is compromised, the attacker is able to know the user's daily routine activities -- where s/he is, what s/he does, etc. This leads to privacy concerns and is obviously dangerous for military personnel."

Fitness-tracking devices or apps monitor when a device is in motion or still, creating a trail of activity, or a map.

Only those using the Strava app, a "social network for athletes," transmitted information. Strava made the maps, along with other personal data, widely available within its network as a way to encourage users to connect with one another.

Military officials say they are reviewing guidelines for what apps will be allowed on bases.

Though many Strava customers were surprised at the level of information available to such a wide audience, Wu says this is nothing new.

"Extensive studies have been reported recently to show possible attacks by exploiting sensors on smartphones and wearable devices," he said.

So should people stop using fitness tracking apps altogether? Not necessarily.

"For most people, as long as we follow basic security principles to keep our phone secure and use only trusted fitness apps, it is fine to continue using them," he said. "There is no perfectly secure system; neither is there a 'silver bullet' that can mitigate every possible attack. But if the information is not extremely valuable and the defense is strong enough, the attackers would lose incentive and motivation to attack it. On the other hand, attacks to sensitive military and government agencies are not based on economic incentives. As such, policies should be carefully reviewed to protect the security and safety of the individuals and organizations."

Related News Stories


ODU Expert: State of the Union Address Unlikely to Resonate in Partisan Environment

Ben Melusky said President Trump set out to achieve four goals: present his policy vision, reiterate successes, offer a unifying message to Republicans and present himself as a strong leader. (More)

Red Blood Moon

First ‘Super Blue Blood Moon’ in 150 Years Appears Across the U.S. 

If you thought the moon looked bigger, brighter and a little discolored early Wednesday morning, your mind wasn't playing tricks. (More)


Ph.D. Student's Research Aims to Reforest Dominican Republic -- Naturally

At about the same age Spencer Schubert was grasping the concept "what goes in must come out," he was introduced to ornithology - the study of birds. Decades later, Schubert, an Old Dominion University Ph.D. student in ecology, is combining two ostensibly disparate subjects into a research project. (More)

Site Navigation

Experience Guaranteed

Enhance your college career by gaining relevant experience with the skills and knowledge needed for your future career. Discover our experiential learning opportunities.

Academic Days

Picture yourself in the classroom, speak with professors in your major, and meet current students.

Upcoming Events

From sports games to concerts and lectures, join the ODU community at a variety of campus events.