The U.S. military is reviewing its policies on app privacy after a fitness app revealed the location of sensitive military sites around the world.
The announcement came Monday after researchers using data from the user activity “heat map” uploaded by the fitness tracking app Strava were able to find a number of U.S. military installations across the Middle East and other government facilities across the globe.
The Pentagon said it was “in the process of implementing refined guidance on privacy settings for wireless technologies and applications,” according to a statement sent to the Washington Post. Though the government doesn’t appear to have guidelines specifically pertaining to apps like Strava, it urges employees to exercise discretion about what they put on public internet accounts.
The Strava map was first uploaded last November, but information about military activity was only spotted over the weekend by analyst (and Australian National University undergraduate student) Nathan Ruser.
Other experts quickly pored over the map, and found previously undisclosed Patriot missile launching sites, possible patrol routes, and even a staggering security flaw in Taiwan’s missile system.
In countries like Afghanistan and Iraq, where the U.S. maintains a significant military presence, the Strava map reveals predictable hotbeds of activity around well-known and highly populated facilities, like the Bagram Air Base north of Kabul.
An examination by VICE News shows unidentified facilities with substantial Strava activity, including one base northwest of Jalalabad that doesn’t appear on Google Maps satellite images.
We’ve embedded images below of some installations picked up on the Strava map; the company did not immediately respond to a request for comment.