Exercise app threatens national security


Australian student and analyst for the Institute of United Conflict Analysts, Nathan Ruser, recently discovered that the Strava fitness tracker could impose threats to U.S. national security by revealing locations of military bases.

In November 2017, Strava released global heat maps that use running and cycling information from wireless devices to show hot spots of heavy activity. Strava’s maps take the GPS location from a variety of devices that have their tracking services turned on, covering over 17 billion miles and tracking 27 million users.

According to Ruser, “US Bases are clearly identifiable and mappable.” The running paths of soldiers became visible to Twitter users when they noticed high activity in places including a suspected CIA base in Somalia, military sites in the Falkland Islands and a suspected military operations base in the Sahel region of Africa.

As of 2015, 20,000 soldiers and reservists were invited to participate in a program in which the Army issued Fitbit Flex wristbands. The location and patterns of these devices are easily accessible to those who have the Strava fitness tracker. The participants in this program do not even include the thousands of soldiers who exercise in their spare time using their personal devices.

Ruser tweeted on Saturday that “if soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous. This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any pattern of life info from this far away.”

Nathan Ruser reveals privacy violations for U.S. bases his tweets.

Strava not only shows where people move, but also how they move. Time and paths are easily determined from the tracker. The Washington Post said that Afghani and Syrian bases are exposed and not only patrol lines, but also where “troops live, eat or work, suggesting possible target lines of enemies.”


The heat maps put a spotlight on the daily lives of all military personnel, not just U.S. forces. Hmeimen, the main Russian base in Syria, is visible, along with patrol routes.

The spider web-esq lines that connect bases and protrude from highly active locations endanger the lives of many and poses a breach of security.

Ruser’s in-depth research has led him to conclude that this slip-up by Strava is a “big oversight,” according to his tweets. Strava is now working with military and government personnel to change privacy settings and protect troops.