Security

The ‘Strava’ Fitness App Exposes User Data to Nearby Strangers

By Bill Toulas / September 22, 2020

Many cyclists and runners are using the ‘Strava’ app on their smartphones to track their sessions and log their performance data. According to what some users have been reporting recently, Strava may be beaming data around the athletes, exposing sensitive details about them to nearby users.

That would be users who aren’t connected with them in the platform as “friends,” so we’re talking about strangers who happen to pass by. This is a serious privacy violation for users of Strava, and it appears to be the result of a misconfiguration by the developers.

Related: ‘FabFitFun’ Subscribers Have Had Their ‘PayPal’ and ‘Apple Pay’ Credentials Stolen

This has been confirmed by Andrew Seward of Experian, who suddenly got a log entry on his run after another runner passed by him. Clicking on the tag would reveal her name, picture, and also her running route. Obviously, this last one could easily tell where the woman lives, so there you have it. Seward checked and confirmed that he isn’t following her by mistake or anything, and also confirmed that she isn’t publicly sharing her activity on the platform.

So, all in all, someone could approach another Strava user out there and learn who they are, where they run, and where they live. It sounds like a severe privacy exposure, and it really goes at the deepest level. Upon further digging, the culprit setting was determined to be the “Flyby,” which was set to “Everyone” by default.

Also, the “Followers” option - which should be the default for the Flyby feature in the first place - is absent in the settings.

If you’re using Strava to track your sports activities, go ahead and set the Flyby to “No One,” and you should be safe from predators and stalkers. Strava developers took note of the user reports and realized their mistake, so they have changed the default setting to “No One” now. Those who already had the app installed will be prompted to check their privacy settings and adjust the Flyby settings accordingly.

There are some running apps out there that promise ultimate privacy and anonymity, but if you want to be sure, just use an anonymous email account, add fake information on your user profile, and check the privacy settings thoroughly. If possible, turn off the GPS on your smartphone or use a wearable to track your performance and route instead, and you may sync the data later when you’re back home.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: