As people move towards getting fitter, the wearables market has seen good growth in sales numbers. Most of the credit can be given to brands like Xiaomi, Honor, Fitbit and Garmin, among others, for bringing affordable fitness tracking devices to the market. These devices connect to smartphones via Bluetooth, and you also need an app to record your activities and present you with statistics and analytics data. While there are over 25 third-party apps to log data from fitness tracking devices, they may also pose a threat and prove to be a security hazard.
Data logged by fitness tracking apps
Apps such as Strava, Map My Run, Joy Run and Sports Tracker, among others, are available to download for free and are also highly popular among users. Fitness trackers, when connected with these apps, also allow users to upload their fitness data, and take advantage of other services they offer. Some fitness tracking devices today come with built-in GPS, whereas others use smartphones to log the location, along with the entire day’s movements of the users, including the regular jogging route.
Strava heat-maps controversy
Strava recently released a heat-map of a billion user activities tracked using more than 13 trillion GPS points. The engineers at Strava also went to great lengths to anonymize the heat-maps, which included stationary points, GPS corrections, and driving route points based on velocity, among others. Private areas designated in user profiles, along with data from users who opted to keep their data private, were excluded from the heat-map.
However, even though some users opt to keep their location and data private, data points logged by the app are still stored on the server. After Strava released the heat-map, military analysts in the US noticed that the map is detailed enough to offer sensitive information about Strava users, including military personnel on active service, which can be a security threat for the nation.
Fitness tracking and India
According to eScan, Indians have adopted fitness trackers at a very large scale. The heat-map of India not only shows high-density routes with the highest concentration of fitness tracking activity, but also shows that a lot of users are within the cities. Besides those serving in the armed forces, those offering support services are also at risk.
eScan believes that civilian technology should be heavily monitored. A few years ago, Google released Google Maps, and the defense sector was heavily hit. The objective behind putting up barricades and restricting civilians from military zones fell flat, as all the details, including the military bases, were easily available. Google was forced to pixelate the designated restricted zones.
Unlike Strava, other tracking services haven’t released heat-maps, but the amount of data they collect is enough to identify you and access your daily routine. In any case, if this data falls into the wrong hands or becomes available to a rogue nation, it has the potential to jeopardize the security infrastructure of the country.
Further analysis reveals that the Indian defense establishment has implemented some IT security guidelines for all its forward bases where heat-trails terminate at checkpoints. However, the heat-maps reveal routes used by patrolling teams, and not all military bases have restricted civilian access. In 2017, we saw a lot of data breaches, and if data stored on the servers of any of the fitness apps is stolen, the heat-maps can be a threat to the nation.
Advisory to enhance security
As you can see in the above images, the heat trails for India’s north-east border with China, the area around the LOC and the restricted zone are clearly visible. eScan advises auditing and restricting civilian GPS-enabled devices in sensitive zones. The policy on usage of GPS-enabled devices should also be enforced. Lastly, non-approved GPS tracking should be completely banned from use at forward bases.