Information leakage through mobile devices isn’t a new problem for the military. Given their promise of mobility with rich functionality, mobile devices are being deployed with broadening use cases throughout the United States Department of Defense. All the while, massive quantities of information are stored and accessed by these devices without there being a comprehensive and specialized security policy dedicated to protecting that information.
Recently, a popular fitness app called Polar Flow provided a convenient map for anyone interested in shadowing government personnel who exercised in secret locations, including intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world. It is revealing not only the vitals of the exercises carried out by individuals at military sites, but also the same information from what are likely their homes.
In response to the startling revelations by Bellingcat and De Correspondent, Polar Flow temporarily suspended an API at a website that exposed a rich vein of user information. It also emphasized that it had not leaked any data and that there had been no breach of private data. According to its statement, the vast majority of its customers maintained the default private profile and session settings and were not affected by the issues described in the report.
Users need to be aware of the kind of data they’re putting out there. For any data you put out there, whether on Facebook or on an app like this, you need to use the security mechanisms that are in place for the application itself, at the very least.