Security Breach: How a Fitness App Ended Up Revealing More Than the US Bargained For

WASHINGTON – U.S. military movements on secret remote military bases are being revealed by an exercise app.

The security breach is such a concern that Pentagon top brass and other Department of Defense officials are taking action and have launched an investigation on what to do next.

Security concerns were raised after a fitness tracking firm showed the exercise routes of military personnel in bases around the world.

Strava, which bills itself as 'the social network for athletes' that allows its users to share their running routes, released a newly updated global "heat map" last November. 

But security experts have recently realized its potential to reveal location patterns of security forces working out at military bases in remote locations.

Defense Secretary James Mattis has been made aware of the issue and the DoD is reviewing policy regarding smartphones and wearable devices, Pentagon spokesman Col. Rob Manning said on Monday.

"We take these matters seriously and we are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DoD personnel at home and abroad," Manning said.

He added that Mattis "has been very clear about not highlighting our capabilities to aid the enemy or give the enemy any advantage, so that would be our approach going in on this one as well."

In a post about the update in November, Strava said the update would include "six times more data than before – in total 1 billion activities from all Strava data through September 2017."

Strava boasts "tens of millions" of users, and according to the company, marked 3 trillion latitude/longitude points on the updated map. It tracks location data using GPS from Fitbits, cellphones, and other fitness tracking devices.

CBN News reached out to Strava; however, our emails were not returned.

Use Privacy Settings

"The rapid development of technology requires the rapid refinement of policy and procedures to enhance force protection and operational security," Manning said. "DoD personnel are advised to place strict privacy settings on wireless technologies and applications."

Service members are prohibited from wearing such wireless technologies in some areas and during some operations, Manning said.

Manning didn't say what the department will do about the issue. "We have confidence in commanders to employ tactics, techniques and procedures that enhance force protection and operational security with the least impact to individuals," the colonel said.

All DoD personnel go through annual training on information security. The training urges service members and DoD civilians to limit profiles on the internet, including personal social media accounts, Manning said.

"Furthermore, operational security requirements provide further guidance for military personnel supporting operations around the world," he said. The heat map incident re-emphasizes the need for service members to be cautious about what data to share via wearable electronic devices, he added.