A popular fitness app, Polar Flow provided a convenient map for anyone interested in shadowing government personnel who exercised in secret locations, including intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world.

Showing off how sporty you are is one of the key features of most fitness apps – but only if done voluntarily. A free for all on your profile including your training routes is too much though.

This is exactly what happened with Polar. Thanks to a feature called “Explore Map” every users’ route could be tracked for the time-span in which the profile was not set to “private”.

Through the Polar flow app and public information, such as social media profiles, Bellingcat and De Correspondent identified a number of people working in sensitive positions, including the following:

• Military personnel exercising at bases known, or strongly suspected, to host nuclear weapons.
• Persons working at the FBI and NSA.
• Military personnel specializing in cyber security, IT, missile defense, intelligence and other sensitive domains.
• Russian soldiers in Crimea.
• Military personnel at Guantanamo Bay.

API Shutdown

In response to the Bellingcat and De Correspondent findings, Polar Flow temporarily suspended an API at a website that exposed a rich vein of user information.