Researchers from North Carolina State University Raleigh have identified a privacy risk in Strava’s heatmap feature, which could potentially lead to the identification of users’ home addresses. Strava is a widely used fitness-tracking app with over 100 million users worldwide, offering features such as GPS tracking and heart rate monitoring.
The heatmap feature, introduced in 2018, aggregates users’ activity data to help them find popular exercise spots and connect with fellow users. However, the researchers found that combining publicly available heatmap data with specific user metadata makes it possible to track and de-anonymize users.
For the study, the researchers collected publicly available Strava heatmap data for selected states and used image analysis techniques to identify start/stop areas near streets, which indicate potential home addresses.
By overlaying OpenStreetMap images and leveraging Strava’s search function, they correlated high-activity points on the heatmap with users’ home addresses. The researchers found that users who are more active and post a higher number of activities are more easily identified. Comparing the heatmap data with voter registration records, they achieved a 37.5% accuracy rate in predicting home addresses.
To enhance privacy on Strava, the researchers suggest several mitigation strategies. These include living in densely populated areas with extensive heatmap data, starting tracking only after leaving home, creating heatmap exclusions near home locations, and allowing users to set privacy zones.
Additionally, users concerned about privacy should keep their profiles private on the Strava app to avoid exposing personal information.
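The privacy-zone mitigation above can be applied to a recorded track before it is shared, as in the following added example (not code from the researchers or from Strava). The coordinates, the 300 m radius and the function names are constructed for illustration; the track is split where it crosses the zone so that no line is drawn through it.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def apply_privacy_zone(track, zone_center, radius_m):
    """Drop every point inside the zone and split the track at each gap.

    Returns a list of segments (lists of (lat, lon)). Splitting matters:
    joining the points on either side of a removed stretch would draw a
    straight line across the zone the user asked to hide.
    """
    clat, clon = zone_center
    segments, current = [], []
    for lat, lon in track:
        if haversine_m(lat, lon, clat, clon) > radius_m:
            current.append((lat, lon))
        elif current:            # just entered the zone: close the open segment
            segments.append(current)
            current = []
    if current:
        segments.append(current)
    return segments

# Constructed sample data: a hypothetical home point and two tracks that
# move north in steps of 0.001 degrees of latitude (about 111 m each).
HOME = (35.7800, -78.6400)
ZONE_RADIUS_M = 300.0

def _track(offsets):
    return [(HOME[0] + k * 0.001, HOME[1]) for k in offsets]

OUT_AND_BACK = _track([0, 1, 2, 3, 4, 3, 2, 1, 0])       # starts and ends at home
LOOP_PAST_HOME = _track([0, 1, 2, 3, 4, 2, 4, 3, 1, 0])  # re-enters the zone mid-route

if __name__ == "__main__":
    for name, track in (("out_and_back", OUT_AND_BACK), ("loop_past_home", LOOP_PAST_HOME)):
        segs = apply_privacy_zone(track, HOME, ZONE_RADIUS_M)
        print(name, [len(s) for s in segs])
```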