Polar, the makers of fitness wearables and an associated fitness mobile app, has gotten itself into a controversy that comes at a time when data privacy is the topic that is making headlines. As per a couple of reports last week, Polar's fitness tracking app seems to have given away location and personal information of users residing or working in confidential locations including secret military bases, intelligence agencies, law and order agencies, on submarines, and at nuclear power plants. Since the controversy surfaced, Polar has issued a statement denying the charges of any data leak and suspending its Explore API to prevent further issues.
As per reports by Bellingcat and De Correspondent, Polar's Explore tab had major shortcomings, one of them being public access to user location markings in any place across the globe. While this may seem similar to the privacy scandal that Strava was part of this January, the Polar Flow social platform offers data publicly and in a more accessible way. The report suggests that people generally tend to switch on/ off their fitness trackers while entering or exiting their homes. This marks a location stamp on their house and allows anyone to access their personal information by just browsing to any location on the global map.
That's not all; Polar also lets you view the entire exercise history of a user since 2014. Talk about adding fuel to fire. Thus, effectively, you can navigate to any location of your choice, select a profile, and get the entire history of that individual. As part of the joint investigation, it was found out that individuals like a high-ranking officer at an army base equipped with nuclear weapons can be tracked with much detail. While the signup form shown after installation can be inputted with fake information, most users tend to enter genuine information and might also link the app to one of their social profiles such as Facebook.
The reports examined more than 200 of these "sensitive" locations and found details of over 6,490 high-risk individuals across 69 nationalities, including locations in Russia and Afghanistan. A total of 650,000 exercise logs were discovered in the investigation. It also points towards the grave danger that this kind of an access gives, considering individuals in these locations are required to stay undercover or in disguise.
As part of its response, Polar seems to have shut down its Explore API for the time being and has promised to "raise the level of privacy protection and heighten the awareness of good personal practices when it comes to sharing GPS location data."