The popular fitness-tracking app, Strava was in the news for the wrong reason late last month, after a 20-year-old student and an analyst blew the whistle on the app for revealing the location of secret US airbases.
In case you are wondering, Singapore is not spared from such security flaw. A Facebook user named, Muhd Amrullah said in his post that it took him “less than 20 mins to figure out the patrol paths, supply routes, trails and roads within Gombak Base, where the Ministry of Defence in Singapore is situated.”
It may not be a secret on where the Ministry of Defence is located in Singapore. But how it looks like should remain a secret
Although Strava CEO, James Quarles, had posted an online letter addressing the security concerns and touched on what users can do to fortify their privacy while using the app, it remains uncertain what governments can do to prevent further leaks.
While a complete ban on fitness trackers may resolve the issue once and for all, but it is not sustainable, according to Blackberry’s Chief Security Officer, Alex Manea.
He said that “fitness apps and smartwatches are just the tips of the iceberg as the number of connected wearables is expected to increase, close to a billion, by 2021.”
“Just as they did with mobile devices a decade ago, governments and enterprises need to understand that consumer IoT devices are here to stay, and need to create a strategy to integrate these types of devices into their security architecture,” said Alex.
However, to formulate and integrate a workable strategy into governments’ security architecture may take years from now to come to fruition. So to combat the current loophole, education could be the key.
“Since these types of devices are currently unmanaged, the best way to reduce these types of leaks today is through employee education. Users need to understand that these types of apps and devices often collect huge amounts of personal data and that this type of information can be extremely damaging if it ends up in the wrong hands.”
The revelation of the security flaw has raised a lot of eyebrows on location tracking, which is a useful feature for app makers to better understand their users’ habits and to enhance app experiences. It also highlighted the need for app makers who use location tracking as one of their main features to be more transparent.
According to Alex, “app makers need to be upfront about the types of data they are collecting and how they are going to use them. They also need to understand that even “anonymised” data is never truly anonymous, and the release of data could lead to unintended consequences.”
“This is not a new issue, but it’s one that will only become more important as devices continue to get more personal and collect more data about us,” said Alex.