Your favourite running app might be putting your privacy at risk
Running apps like Strava or Nike Run Club are an essential part of many runners’ training regime these days. But unfortunately, some of these apps still fall short when it comes to privacy, security experts have found.
Researchers at UK consultancy Pen Test Partners investigated the privacy credentials of some of the most popular running apps, finding that a number of them ‘have a pretty poor approach to password security and default privacy settings.’
Of the five apps they analysed – Strava, Runkeeper, MapMyRun, Nike Run Club and Runtastic – none supported multi-factor authentication, an important tool that can help protect against cybercrime.
Although Runtastic was guilty of ‘the biggest and most worrying flaw’ – the fact that users could be tracked in real-time – when they last reviewed the apps five years ago, that app has since improved, they said.
Strava is now the app ‘found wanting’, the researchers said, due to its privacy settings being set to public by default, while other apps increasingly default to private. Strava users can still change their settings to private, but many don’t. The company had previously announced it would review the app’s privacy settings after user activity data had inadvertently revealed the location of US military bases around the world in 2018.
In a statement at the time, Strava CEO James Quarles said the company would review ‘features that were originally designed for athlete motivation and inspiration to ensure they cannot be compromised by people with bad intent.’
Users should be wary of oversharing data with fitness apps, Pen Test Partners say in their blog post: ‘Routes, live tracking, photos, and full real names make it easy for someone unknown and untrusted to find you. Also, when users share data about the equipment they’re using it makes them more attractive to burglars and thieves.’
‘Even though privacy settings have generally improved,’ they add, ‘users seem uninformed about the effects of oversharing, and unaware of the privacy settings that are available.’
Like this article? Sign up to our newsletter to get more articles like this delivered straight to your inbox.
You Might Also Like