Run Without Tracking: Privacy in Running Apps

Man

Running apps know a lot about their users. So it wouldn't hurt to set them up so that your data doesn't fall into the hands of just anyone - we'll tell you how.

Fitness apps, by their very nature, have access to a lot of personal data, especially those that track a variety of outdoor activities, primarily running. During tracking, they collect a ton of data: heart rate and other physical activity parameters, number of steps, distance traveled, elevation gain, and, of course, geolocation, to analyze your workout in as much detail as possible.

And people rarely run in random places. Usually their routes are repeated and located somewhere near home, work, school, a military base... That is, places where a person is often found and, most likely, at the same time of day. What happens if this information falls into the wrong hands?

The consequences could be catastrophic. For example, a few years ago, a map published by one of the running apps revealed the location of a number of secret military facilities. And in the summer of 2023, presumably thanks to data from the same app, a hired killer shot and killed the commander of a Russian submarine, Stanislav Rzhitsky, while he was jogging.

Of course, geodata leaks can be dangerous not only for the military. It is not difficult to imagine scenarios in which they can lead to trouble not only for the obvious targets of a targeted attack (for example, celebrities, politicians, or top managers of a company), but also for ordinary people.

Knowing about your movements, attackers are happy to use them for blackmail and intimidation. The notorious "I know where you live and all your movements" significantly increases the likelihood that the victim will get scared and comply with the demands of the scammers.

In addition to direct threats, geo-tracking perfectly complements data leaked from other applications or collected using doxxing, which significantly increases the success of a targeted attack. And do not think that you certainly will not interest the scammers enough to arrange a complex attack. Anyone can become a victim, and the ultimate goal of the attackers is not always financial gain.

But it’s not just geodata that running apps collect and analyze. Like all fitness apps, they track activity and physical condition, which can tell a lot about a person’s health. And this information can also be useful for a social engineering attack. After all, the more an attacker knows about the victim, the more sophisticated and effective their actions.

So, it’s worth approaching the choice of a running tracking app and setting up its privacy as consciously as possible – and our tips will help you with this.

General tips for choosing a running app and setting up privacy in it

The first thing you should definitely not do is install all the running trackers one after another and then choose the one you like the most. This way, you will give your personal data to everyone, which will significantly increase the risk of it falling into the hands of intruders. The fewer applications you use, the lower the risk of leakage. But it is worth remembering that no company can guarantee 100% data security.

Some invest more in the security of their users, some less, and it is better to give preference to those who take the security and anonymization of user data seriously. To do this, you should carefully study the privacy policy of the selected application. Conscientious developers will indicate what data the application collects, for what purpose, which of it can be transferred to a third party, what rights the user has in relation to personal data, and so on. It will also be useful to search the Internet or ask an AI assistant whether there have been cases of data leaks in the application you are interested in. To do this, simply enter the name of the application plus "data breaches" or "data leak" in the search query. And, of course, user reviews are also worth reading.

Once you've selected and installed the app, the first thing you need to do is set up privacy settings. Unfortunately, many running trackers, with their default settings, share the data they collect with the entire Internet, including your geo-tracking. You'll find links to detailed instructions on setting up privacy in the most popular running apps (Strava, Nike Run Club, MapMyRun, adidas Running, and ASICS Runkeeper) at the end of the post.

As with any other app, it's worth taking advantage of your smartphone's operating system to minimize tracking. For example, in iOS, when you first launch an app, you can prevent it from tracking your activity in other apps. Don't ignore this suggestion.

In addition, you should not grant your running tracker access to data that it does not need to work, such as photos, calls, messages, and contacts. And to reduce the amount of location data collected, do not allow fitness trackers (and most other apps) to constantly monitor your geolocation - select the "Only while using" option, available in iOS and the latest versions of Android. You can set this parameter both at the first launch and later, by checking all the permissions the app has in the smartphone settings.

In general, it's worth periodically going into your smartphone's privacy and security settings and checking what data certain apps have access to. On Android devices, this can be done conveniently using Kaspersky for Android.

Remember that privacy settings won't protect you from surveillance if someone guesses your account password. Unfortunately, none of the popular running apps support two-factor authentication yet, although they should. So the best thing you can do to protect your account is to come up with a complex and long password, at least 16 characters long, or even longer. Of course, it should be unique. And to remember this combination of characters, save it in a password manager. By the way, you can also generate the most reliable random password in it.

Privacy settings for popular running apps

We've rounded up the most popular running apps and provided privacy guidelines for them. Subscribe to our blog to stay up to date with instructions on setting up your running tracker. As we publish, we'll update this post with links to privacy guides for the following apps:
  • Strava
  • Nike Run Club
  • MapMyRun
  • adidas running
  • ASICS Runkeeper


How to Set Up Security and Privacy on Strava

Detailed instructions on setting up privacy in the popular running, hiking and cycling app Strava.

In a previous post about the privacy of running apps in general, we detailed why these apps are a veritable Klondike of personal data for scammers and criminals of all sorts. Unfortunately, by default, they share your sensitive information with anyone, including your exact geolocation. The results, as we’ve already written, can be disastrous — from leaks of the location of secret facilities to stalking and attempted murder.

There we also shared detailed instructions on general smartphone settings to minimize these risks. In this and the following posts, we will talk about the fine-tuning of the most popular running apps. Let's start with Strava.

Strava (Android and iOS versions) is probably the most popular app for tracking running, cycling and just walking workouts. It is also the last one that remains independent: all the other “big” running apps have already been bought by sportswear and shoe manufacturers. Incidentally, it has figured in several incidents involving open data, such as the publication of a map that revealed the location of a lot of secret objects.

Strava also tends to be the center of criticism whenever the issue of how users track others through fitness apps comes up. I can’t help but note that the criticism is still valid: Strava’s default user profile is anything but private — the app really wants you to share your data with the entire Internet.

But this can be fixed — fortunately, Strava has quite a few privacy settings. To get to them, click the You button in the lower right corner of the screen, then click the gear button in the upper right corner of the screen and select Privacy in the window that opens.

Where to find privacy settings in the Strava app: You → Settings → Privacy

First, make your profile private by selecting Profile Page and changing its visibility to Followers. Then, go through Activity, Group Workouts, Flybys, Local Legends Sites, and Mentions and set them all to either Followers or, even better, Just You/No One.

Now I recommend going to the Map Access item and choosing one of the following ways in which the application will hide your workout maps.
  • Hide workout start and finish points in specific areas. This feature allows you to use an address and a radius in meters to define an area in which your movements will be hidden. This can be used to disguise your regular start and finish locations, such as your home address.
  • Hide the start and end points of workouts regardless of where they take place. Here, you just need to select a radius in meters and any start and finish points will be automatically hidden. This option is more convenient than the first one, and you don’t have to share your address with the app.
  • Hide all your activity cards. When you select this option, all geodata from your next (but not past) workouts will be visible only to you.

How to hide your activity geodata in the Strava app: You → Settings → Privacy → Map access

It's worth keeping in mind that if you use Strava frequently, the option to hide the start and end points of your workouts may not be reliable enough. A study published in late 2022 demonstrates a method that allows you to identify the location of a hidden point in 85% of cases. So I recommend choosing the third option: Hide all your activity maps → Hide all maps.

Please note that privacy settings in Strava are not retroactive. So if you have any workouts already recorded in the app, the hiding features will not apply to them. To fix this, go to Edit past workouts, click the Get started button, select the Workout data visibility option and click Next. In the next window, select one of the visibility options, Followers or Only you, and click Next again. After some time (not immediately), your past activities will be hidden.

How to hide past activities in the Strava app: You → Settings → Privacy → Edit past activities

The next tip is for those who regularly train at a secret facility and don’t want to accidentally give away its location. Go to Use aggregated data and toggle the switch next to Contribute training data to anonymous aggregated data sets to the off position. This will prevent your runs from showing up in places like Strava Metro, the global heat map (the same map that leaked the military base locations), “Points of Interest,” and “Start and Finish Points.”

Go to the Public photos on routes section and turn off the switch next to Share photos with the community. If you have a private profile and your activities are hidden from the public, then the photos you add to your runs should not be visible anyway. But just in case Strava decides to change something, it makes sense to turn this off explicitly.

Finally, go to Sharing Personal Data and turn on the switch next to Don't share my personal data. This will prevent Strava from selling your data to other organizations for use in targeted advertising (or whatever those unknown organizations do).

Congratulations, you've now set up your Strava privacy properly!

If you use other running apps to track your workouts, our instructions will help you set up their privacy:
  • Nike Run Club
  • MapMyRun
  • adidas Running (formerly Runtastic)
  • ASICS Runkeeper
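
The first two Map Access options described above (hide points inside a fixed area, or hide the start and finish of every workout) can also be applied to a GPX export yourself before the file is shared anywhere. The sketch below is an added example, not part of the original post and not Strava's implementation; the names `scrub_gpx`, `haversine_m` and `SAMPLE_GPX` are hypothetical, and the track coordinates are constructed.

```python
import math
import xml.etree.ElementTree as ET

GPX_NS = "http://www.topografix.com/GPX/1/1"
NS = "{" + GPX_NS + "}"
ET.register_namespace("", GPX_NS)  # keep plain <trkpt> tags on output

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

def scrub_gpx(gpx_text, zones=(), end_radius_m=0.0):
    """Return (clean_gpx_text, removed_count).

    zones: iterable of (lat, lon, radius_m); every track point inside is dropped.
    end_radius_m: also drop points within this distance of the first and last
    recorded point, so no address has to be entered anywhere.
    """
    root = ET.fromstring(gpx_text)
    pts = [(seg, pt, float(pt.get("lat")), float(pt.get("lon")))
           for seg in root.iter(NS + "trkseg")
           for pt in seg.findall(NS + "trkpt")]
    if not pts:
        return gpx_text, 0
    hidden = list(zones)
    if end_radius_m > 0:
        hidden.append((pts[0][2], pts[0][3], end_radius_m))    # start point
        hidden.append((pts[-1][2], pts[-1][3], end_radius_m))  # finish point
    removed = 0
    for seg, pt, lat, lon in pts:
        if any(haversine_m(lat, lon, zlat, zlon) <= r for zlat, zlon, r in hidden):
            seg.remove(pt)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed

# Constructed sample: 11 points heading north, about 111 m apart.
SAMPLE_GPX = ('<gpx xmlns="%s" version="1.1"><trk><trkseg>' % GPX_NS
              + "".join('<trkpt lat="%.3f" lon="1.000"/>' % (1 + i / 1000) for i in range(11))
              + "</trkseg></trk></gpx>")
```

Trimming the ends this way has the same limitation the post describes for hidden start and finish points, so for frequent routes the recommendation to hide maps entirely still applies.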