"Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones"

Researchers discovered that fitness apps such as Strava leak sensitive location information of users, even when they have used in-app features to specifically set up privacy zones to conceal their activity within specified areas. Two Ph.D. students from KU Leuven in Belgium discovered that if a person begins an activity at home, an attacker with limited skills can use high-precision Application Programming Interface (API) metadata revealed in the app to pinpoint their home location, even if they have set up an Endpoint Privacy Zone (EPZ) for that area. In addition, the researchers reported that, despite contacting the companies whose apps leaked this information, the issue remains largely unresolved. They will present their findings at Black Hat Asia in a session titled "A Run a Day Won't Keep the Hacker Away: Inference Attacks on Endpoint Privacy Zones in Fitness Tracking Social Networks." This article continues to discuss attackers pinpointing where a person lives by lifting metadata from Strava and other apps, even if they're using a feature for protecting their location information.

Dark Reading reports "Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones"