The company that published a global heat map detailing sensitive military installations will simplify its privacy settings and review its app’s features to ensure it cannot be compromised by actors with bad intent, the company announced late Monday.
In an effort to address concerns raised over the weekend, Strava plans to work with both military and government officials on the potentially sensitive data their app harvested from users’ devices.
“We learned over the weekend that Strava members in the military, humanitarian workers and others living abroad may have shared their location in areas without other activity density and, in doing so, inadvertently increased awareness of sensitive locations,” James Quarles, Strava CEO, said in a news release.
The GPS tracking app Strava sources data from users’ smartphones and smartwatches to produce an overlay of popular running paths. Users quickly became aware of the app’s potential to outline secure facilities downrange.
“Many team members at Strava and in our community, including me, have family members in the armed forces,” Quarles said. “Please know that we are taking this matter seriously and understand our responsibility related to the data you share with us.”
The company also stressed that its existing privacy features should be used in the meantime, adding that engineers are working on “simplifying our privacy and safety features to ensure you know how to control your own data.”
Defense Secretary Jim Mattis has directed a department-wide review of fitness app use policies following the discovery of Strava’s potential, Pentagon spokesman Army Col. Rob Manning said Monday.
“The secretary is aware [of the breach], and we are taking a look at our department-wide policies to determine if [they] need to be updated,” Manning said.
The additional policies could include new guidelines on any kind of wearable device that tracks user locations, to include smart phones.