Security News > 2023 > June > Strava heatmap feature can be abused to find home addresses
Researchers at the North Carolina State University Raleigh have discovered a privacy risk in the Strava app's heatmap feature that could lead to identifying users' home addresses.
In 2018, Strava implemented a feature called "Heatmap" that anonymously aggregates users' activity to help users find trails or exercise hotspots, meet like-minded individuals, and perform their sessions in more crowded and safer locations.
By comparing the endpoints from the heatmap and a user's personal data from the search function, the researchers could correlate the high activity points on the heatmap and the users' home addresses.
The public Strava profiles contain activity data with time stamps and distances, making it easier to identify potential routes that match the patterns in the heatmap data, narrowing down people and area matches.
Another way to mitigate this privacy problem would be to start the tracking after you've left your home or for Strava to create an exclusion for heatmap for a few meters around home locations as marked in OpenStreetMaps.
The heatmap feature is active by default on all Strava apps, but users can opt out through settings.