In a month, Dhushan Puvanachandran runs at least 25 times. Whether he’s running through his neighbourhood in Brampton, Ont., or on a treadmill, it’s almost second nature for Mr. Puvanachandran to track his pace, heart rate and distance and share it with his friends.
The ability to share highlights of successful runs via apps such as Nike Run Club is one way to motivate himself to keep going. “Getting those affirmations definitely helps when you share milestones,” said Mr. Puvanachandran.
Fitness apps such as Strava, Nike Run Club and Garmin Connect that allow users to track their workouts and share information about their timing, intensity and progress with friends are popular in running groups and other fitness circles. Users say the ability to build a community around physical activity, connect with friends and challenge each other is a big draw.
“With both Strava and Garmin, there’s that social aspect of having all these badges that you can collect for accomplishing a certain number of activities,” says Mackenzie Rozga, a runner in Toronto. “You can compare [with] your contacts. Which badges do they have? Which badges do I have? What do I want to get? That kind of helps [with] that motivation piece.”
Despite the popularity of these apps, sharing location information and other sensitive details brings up privacy and security issues. Experts encourage users to practice caution.
“What concerns us is that a large proportion of these apps also incentivize people to share sensitive information about their whereabouts including where they go on runs, or other exercises, and also where they begin and end those runs,” says Adam Bates, an associate professor of computer science at the University of Illinois at Urbana-Champaign.
Many people begin their runs or other fitness activities at home or near home, which makes that information easily accessible, says Mr. Bates.
Kim Munro Roberts, a Toronto-based runner who used fitness apps including Strava for more than two years, says she stopped using the app after reading a 2018 New York Times article that showed Strava had unwittingly revealed the locations and habits of military bases and personnel, including those of American forces in Iraq and Syria.
For Ms. Munro Roberts, the fear hit closer to home when someone left a comment on social media about her location after seeing a run she had completed during a visit to her family home. “It was just like, ‘Oh my God. I didn’t realize you were paying that close attention.’ "
At the University of Illinois at Urbana-Champaign, Mr. Bates, Wajih Ul Hassan and Saad Hussain published an analysis of privacy protections in fitness tracking apps in 2018. The analysis looked at the effectiveness of Privacy Zones, a measure implemented by Strava that allows users to conceal fitness activity that occurs within a certain distance of sensitive user locations such as homes or workplaces. Mr. Bates and his team collected a month-long activity dataset of public posts from Strava and found that 95.1 per cent of regular Strava users were at risk of having their homes and other sensitive locations exposed.
“We demonstrated that for some 23 million exercise activities, we could actually figure out where the hidden location was 95 per cent of the time,” said Mr. Bates. In response, Strava announced that it would better obscure sensitive locations by moving the focal point of a Strava member’s privacy zone from the centre to “a nearby and, crucially, random location.”
With these changes, Mr. Bates says users of the apps today should feel safe. But that’s not all they need to do. “I think you can rely on a privacy zone in Strava today to protect your home address. Although, you need to think about using a privacy zone in concert with other privacy precautions because the privacy zone doesn’t solve all your privacy problems.”
However, some users feel that route-sharing apps can be a safety measure for people running alone, especially women. Madelaine Coelho, a runner and a graduate student at the University of Toronto pursuing a doctorate in sociology, says she uses the iPhone app Find My Friends to share her location with those close to her when she’s either running or out late. “In the grand scheme of things, I think women have always been expected to protect themselves,” says Ms. Coelho. “If you get hurt, a lot of times it’s like, why were you running in that area? Or, why were you running late at night?”
Mr. Bates calls the situation a ‘double-edged sword’ because route-sharing apps can be a protective measure for women, but they can also aid in intimate partner violence when misused. “These same technologies are the tools of abusers. So, it’s definitely a precarious situation that we find ourselves in today.”
Joel Reardon, assistant professor of computer science at the University of Calgary, says concerns about privacy shouldn’t be limited to fitness apps. All mobile apps that ask to track your location or access any sensitive information can also pose a security risk. Once you give an app permission to access your location data, there is a high chance that third parties can also access that same information without your direct knowledge, says Mr. Reardon.
Another request users should ignore is allowing apps to access contact information stored on a user’s phone. If it’s granted, anyone in a user’s contact list could have access to a user’s activity on the app. “There are many reasons why you might have someone’s number on your phone as a contact – and not necessarily because they’re your friends and you want them to see where your location is.”
Mr. Reardon recommends that when downloading an app, users should not simply accept the default privacy settings. “If I were to make a recommendation, it would be to go into the settings and make sure that the privacy options available [are] configured correctly.”