Vulnerability in Polar: Leaking User Location

The French wearable smart device company Polar provided a vulnerability in the privacy settings of the app, resulting in a function in the app will reveal the user’s location information. The company has stopped related services.

Polar is a French company that produces a wide range of smart devices, including Polar Balance smart scale, M600 smartwatches, M430 running watches, all of which can be connected to the company’s fitness app, Polar Flow.

Explore is a feature of Polar Flow that is equivalent to a user’s activity map and can track activity data for many users around the world. If the user decides to share data publicly through Explore, others can see all of his workout information. Users can also set the data to be private so that the Polar service does not share information with third-party apps.

The survey found that malicious users can use Polar map data to determine the location of sensitive military bases, and also obtain the user’s name and address information. In the Explore map, you can see the user’s activities, even the actions of the soldiers, who fight ISIS in Iraq.

On Friday, Polar issued a statement apologising for his negligence. It also said that the company has disabled the Explore function in the Flow App and noted that it had not leaked data before. The company said: We are “analyzing the best options that will allow Polar customers to continue using the Explore feature while taking additional measures to remind customers to avoid publicly sharing GPS files of sensitive locations.“