Stravathe outdoor fitness tracking platform with more than 100 million users worldwide, would have one vulnerability that would allow hackers to find the home address of whoever uses it. A group of American researchers has in fact raised doubts about the privacy of the Heatmap function.
Strava, a vulnerability would reveal the address of the users
The functionality Heatmap of Strava aggregates in anonymous way the GPS data of users’ physical activities to help them find new routes and see how busy they are. But the researchers of the North Carolina State University Raleigh they found that the app could allow tracking and loss of user anonymity. All by combining publicly accessible heatmap data and unique user metadata, making possible to locate the residence of the athlete.
The research team obtained publicly available Strava Heatmap map data and enlarging the images by superimposing the OpenStreetMaps maps on them has located the starting and ending points near specific houses.
Because public Strava profiles contain often timestamped activity and distance data, the researchers were able to establish possible routes and thus the home addresses of the users. By comparing the results with user registration data, the researchers found that the addresses were correct more or less in 37.5% of the cases.
The researchers explained that those who live in densely populated areas remain safer, but those who live in isolated houses are more at risk of being traced. You can fix it by going to Settings, Privacy Controls and Change Map Visibility. Researchers have alerted Strava and updates may be coming to address the issue.