Strava Users Beware: Privacy Concerns Exposed by Recent Research at North Carolina State University

2023-06-14 07:00:00
Bad news for all Strava users: The fitness app, which is used by over 100 million users, is apparently not as secure as the developers have previously assured. This is proven by research from the Department of Computer Science North Carolina State University (in Raleigh, North Carolina). In the heatmap provided by the application – in which particularly popular routes can be discovered – they now found an opportunity to spy on the addresses of Strava users.

Activities monitored in three states

The researchers describe their approach, including the results they collected, in a multi-page paper Document (PDF file). They first collected the publicly available heatmap data from the three US states of Arkansas, Ohio and North Carolina for over a month. During this time, the scientists say they took over a million screenshots of the map provided.

Researchers used multiple data sources

In the second step, they applied an image analysis to the data and found out where Strava users start and end their route recordings. With OpenStreetMap maps placed on top, the researchers were able to find out addresses with house numbers in many cases. In the last step, the assignment to active users was achieved using the Strava search function, which can be used to read out activity data with timestamps and distances. On the other hand, the scientists used publicly available voter lists, which they then compared with the data collected on Strava.

Success rate is almost 38 percent

The scientists’ conclusion: The more active a user is and the more remote he or she lives, the more accurate the tracking works. In densely populated areas with many routes, however, it becomes more difficult to identify individual users using the approach described. The bottom line is that the researchers achieved a success rate of 37.5 percent when tracking users.

Strava: How to prevent spying!

But there is also good news: Spying on your own address can be prevented with just a few simple steps. Users can prohibit the operators of the fitness app from using their own data for the representations in the heatmap in the “Privacy Settings” under “Aggregated Data Usage”. Furthermore, Strava allows you to set a certain distance in the “Privacy Settings” under “Map Visibility” beyond which the recorded routes do not appear in the activities.

1694279374
#Strava #Fitness #app #reveals #users #whereregardings

Leave a Replay