Polar, a Finnish manufacturer of sports watches and wearable activity trackers, has temporarily disabled the activity map feature of its app, Polar Flow.
The decision was made following a report that the data collected by the map feature can be accessed – relatively easily – by third parties to determine the addresses and other personal details of users, who include military and intelligence officers around the world.
The report was published by Long Play, a Finnish collective of investigative journalists, De Correspondent, a Dutch news website, and Bellingcat, a British website for citizen journalist investigations. The vulnerability identified in the report is real, Marco Suvilaakso, the chief strategy officer at Polar, confirmed to Uusi Suomi on Monday.
“Our system has had the weakness that even if a user has a private profile but has his shared training data publicly even once, they have also shared their user IDs. The ID enables you to search for more training and location data from the same user,” he explained to Helsingin Sanomat.
By analysing patterns in the data, it is then possible to determine the home and work addresses of the user.
Suvilaakso told Uusi Suomi that the feature was shut down last week after the company learnt that the report would be published on Sunday. He also underscored that 98 per cent of the users have a private profile and are therefore unaffected by the privacy issue.
“We wanted to offer the [affected] users an opportunity to update their settings,” he added.
Aleksi Teivainen – HT
Photo: Roni Rekomaa – Lehtikuva
Source: Uusi Suomi