After fitness apps were shown to reveal the locations of U.S. military personnel in hot zones around the world, the Pentagon is mandating that armed service members switch off any device using GPS functionality if they are deployed in “operational areas.”
“Effective immediately, Defense Department personnel are prohibited from using geolocation features and functionality on government and nongovernment-issued devices, applications and services while in locations designated as operational areas,” Pentagon spokesman Army Col. Robert Manning III said in a media statement.
This includes physical fitness aids, applications in phones that track locations, and other devices and apps that could pinpoint and track the location of individuals in active combat zones. Commanders will make a determination on other areas where this policy may apply.
“The rapidly evolving market of devices, applications and services with geolocation capabilities presents a significant risk to the Department of Defense personnel on and off duty, and to our military operations globally,” Manning said, adding that their use in overseas locations “potentially create unintended security consequences and increased risk to the joint force and mission.”
The news comes after a popular fitness-tracker app called Polar Flow was found to expose personal data about users, if the users opted in to share their training sessions and their GPS location data via its Explorer feature.
These users included military personnel and government intelligence officers, according to reporters at De Correspondent, a Dutch news website, and Bellingcat, a site that publishes citizen-journalist investigations. They explained how they were easily able to query the application to reveal a user’s name and home locale, including those living and exercising near secretive locations “such as intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world.” In one effort, they were able to uncover personal information for more than 6,460 U.S. military and security personnel, including people working at the National Security Agency and the U.S. Secret Service.
This is the second fitness application to make headlines on the Department of Defense front this year. In January, it was revealed that Strava, another popular application for tracking activity and exercise, inadvertently published potentially sensitive information about military bases and supply routes via its global heat-map website.
The data map collects the data from people who use fitness devices like Fitbits, to show where people have been exercising over the past two years. It shows 1 billion activities and 3 trillion points of latitude and longitude from “Strava’s global network of athletes,” according to the company, with the idea being to make finding common and popular workout locations easy.
Some of the users, however, are soldiers stationed at sensitive locations such as military bases, and deductions can be made: for instance, most of the Middle East portions of the map are dark, except for pockets of activity here and there; those that don’t match up with known settlements and bases could be deduced to be installations. Also, it’s only updated once a month, but it does show habitual workout routes – a problem for military personnel who don’t necessarily want their movements to be predictable.
Users can choose to mark their information as “private,” but many forget to do so, or they don’t take the time.
“Users are unlikely to fully understand what data is being stored, and this leads to an almost predictable cycle of outrage over privacy concerns,” George Avetisov, CEO of HYPR, said via email. “The average user knows they must click ‘Allow location data to be shared’ for the app to function – but they are not cognizant of just how much information they are revealing.”
Deepak Dutt, CEO of Zighra, added: “Apps like Maps, Uber, Weather and even camera apps like Snapchat use location services to cater to users based on their location. As consumers, we often don’t fully read through privacy statements due to their length and complexity, yet we agree to them. Transparency must be a key focus as we work toward better privacy regulations.”