How this fitness app reveals Biden’s, Trump’s and Putin’s whereabouts

An investigation by French newspaper Le Monde found that the highly confidential movements of U.S. President Joe Biden, presidential rivals Donald Trump and Kamala Harris, and other world leaders can be easily tracked online through a fitness app that their bodyguards use.

But the U.S. Secret Service told the newspaper that it doesn’t believe the protection it provides was in any way compromised.

Le Monde found that some U.S. Secret Service agents use the Strava fitness app, including in recent weeks after two assassination attempts on Trump, in a video investigation released in French and in English. Strava is a fitness tracking app primarily used by runners and cyclists to record their activities and share their workouts with a community.

Le Monde also found Strava users among the security staff for French President Emmanuel Macron and Russian President Vladimir Putin. In one example, Le Monde traced the Strava movements of Macron’s bodyguards to determine that the French leader spent a weekend in the Normandy seaside resort of Honfleur in 2021. The trip was meant to be private and wasn’t listed on the president’s official agenda.

Le Monde said the whereabouts of Melania Trump and Jill Biden could also be pinpointed by tracking their bodyguards’ Strava profiles.

In a statement to Le Monde, the U.S. Secret Service said its staff aren’t allowed to use personal electronic devices while on duty during protective assignments but “we do not prohibit an employee’s personal use of social media off-duty.”
“Affected personnel has been notified,” it said. “We will review this information to determine if any additional training or guidance is required.”

“We do not assess that there were any impacts to protective operations or threats to any protectees,” it added. Locations “are regularly disclosed as part of public schedule releases.”

In another example, Le Monde reported that a U.S. Secret Service agent’s Strava profile revealed the location of a hotel where Biden subsequently stayed in San Francisco for high-stakes talks with Chinese President Xi Jinping in 2023. A few hours before Biden’s arrival, the agent went jogging from the hotel, using Strava which traced his route, the newspaper found.

The newspaper’s journalists say they identified 26 U.S. agents, 12 members of the French GSPR, the Security Group of the Presidency of the Republic, and six members of the Russian FSO, or Federal Protection Service, all of them in charge of presidential security, who had public accounts on Strava and were therefore communicating their movements online, including during professional trips. Le Monde did not identify the bodyguards by name for security reasons.

It said movements trackable on Strava could lead to security breaches, especially when security agents travel in advance to places like hotels where leaders then stay and hold meetings.

Macron’s office said Monday that the consequences of the issues reported by Le Monde “are very slight and in no way affect the security of the President of the Republic.”

Local authorities are aware of Macron’s movements ahead of time and the places where Macron is staying are always fully secure, “so the risk is non-existent,” the statement said.

“A reminder was nevertheless issued to agents by the chief of staff asking them not to use this app,” Macron’s office added.

The Harris campaign deferred comment on the security issue to federal officials. In response to questions posed to the Trump campaign, a spokesperson for the Republican National Committee repeated some of its criticisms of the Biden administration but did not address the vulnerability or how the campaign has responded.

The security risks associated with fitness apps show the need for better regulations on how tech companies can use consumer data, according to Ibrahim Baggili, a computer scientist and professor of cybersecurity at Louisiana State University.

Baggili’s research has exposed how bad actors could use fitness app data to track potential victims—creating risks for stalking, robbery and other crimes.
Consumers often grant app developers the right to use or sell their data when they agree to the terms of service, Baggili said.

“Companies love our data, and we love the product, so we give away the data for free,” he said. “The government really needs to start cracking down on how data can be used and how long it can be retained.”

Identifying the presidential bodyguards—some of them using their full name on Strava—could also help in finding other details about their personal addresses, their families, their movements, and photos they posted on various social media, all of which could possibly be used to put pressure on them for malicious purposes, the report stressed.

AP reporter David Klepper contributed from Washington.

—Sylvie Corbet, Associated Press

https://www.fastcompany.com/91218251/fitness-app-revealing-biden-trumps-whereabouts?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss