A recent investigation by the French newspaper The World revealed that fitness app Strava inadvertently revealed the locations of high-profile executives such as the former president Donald Trump and vice president Kamala Harris.

What did the investigation show?

The investigation, published in French and English, found that some U.S. Secret Service agents use Strava, an app commonly used by runners and cyclists to track and share their routes, record their activities and share their workouts with a community . Their use of the app unintentionally left a digital breadcrumb trail that could potentially endanger their charges.

Strava users in presidential security units, including those protecting the US president Joe BidenHarris, Trump, French president Emmanuel Macron and the Russian president Vladimir Putin were identified during the investigation.

For example, The World He traced the Strava movements of Macron’s bodyguards to determine that the French leader had spent a weekend in the Normandy resort of Honfleur in 2021. This trip, meant to be private, was not on the official agenda of the president.

In another example, The World said Biden’s security team’s activity on the app preemptively revealed the hotel he would be staying at in San Francisco for crucial talks with the Chinese president Xi Jinping in 2023. The newspaper found that hours before Biden arrived, the agent had gone jogging from the hotel using Strava, which plotted his route.

Furthermore, The World indicated the whereabouts of the former first lady Melania Trump and current first lady Jill Biden could also be located by following their bodyguards’ Strava profiles.

What did the secret services say?

In a statement to The Worldthe American secret services have assured that their protocol restricts the use of devices in service. However, they added that off-duty use is not prohibited, citing no significant security breach.

Following the report, the agency committed to reviewing the matter and providing additional guidance to staff.

“The staff concerned have been notified,” the statement said. “We will review this information to determine if additional training or guidance is necessary.”

“We do not assess whether there have been impacts on protection operations or threats to protected persons,” he added. Locations “are regularly disclosed as part of public calendar releases.”

How many agents use the application?

The World said they had identified 26 American agents, 12 members of the French GSPR, the Security Group of the President of the Republic and six members of the Russian FSO, or Federal Protective Service, all responsible for presidential security, who had public accounts on Strava and Strava therefore communicated their trips online, including during business trips.

However, The World did not identify the bodyguards by name for security reasons.

The impact of the investigation

The investigation highlights possible security breaches stemming from Strava traceable data, particularly when security officers, charged with pre-arranging trips, inadvertently reveal sensitive locations like hotels where world leaders come together later for high-stakes meetings.

The report also highlights that bodyguards using their full name on Strava could reveal additional sensitive information, such as home addresses or family information, which could then be used for malicious purposes.

However, in response, Macron’s office said on Monday that the consequences of the problems reported by The World “are very light and in no way undermine the security of the President of the Republic”, adding that the local authorities are informed in advance of Macron’s movements and that the places where Macron stays are always perfectly secure, “the The risk is therefore not great. existing.”

“A reminder was nevertheless sent to the agents by the chief of staff asking them not to use this application,” added the Macron cabinet.

This incident highlights the growing need for stricter regulation around fitness apps and the use of consumer data, according to Ibrahim Biggili, a cybersecurity professor at Louisiana State University. Biggili’s research warns of the risk of misuse of fitness data, which could increase stalking, theft or even more serious risks. Consumers, he noted, often unknowingly allow companies to exploit their data.

“Companies love our data and we love the product, which is why we give it away for free,” he told the Associated Press. “The government really needs to start cracking down on how data can be used and how long it can be kept.”

This article includes reporting from the Associated Press.