Security concerns have been raised after a fitness tracking firm has inadvertently shown the exercise routes of personnel in sensitive areas around the world.

San Francisco based Strava  provides an app that uses a mobile phone’s GPS to track a subscribers exercise activity. The online fitness tracker “Strava” publishes a “heatmap” which shows the paths its users log as they run, cycle or swim. It uses the collected data, as well as that from fitness devices such as Fitbit and Jawbone, to enable people to check their own performances and compare them with others.

However, the “heatmap” appears to show the structure of foreign military bases in countries including Syria and Afghanistan as personnel move around them.

Strava says the newest version has been built from one billion activities – some three trillion points of data, covering 27 billion km (17bn miles) of distance run, jogged or swum. But it is not a live map. The data aggregates the activities recorded between 2015 and September 2017.

Nathan Ruser, a 20-year-old Australian university student who is studying international security at the Australian National University and also works with the Institute for United Conflict Analysts  came across the Strava map while browsing a cartography blog.

It occurred to him that a large number of military personnel on active service had been publicly sharing their location data and realised that the highlighting of such exercises as regular jogging routes could be dangerous.

“I just looked at it and thought, ‘oh hell, this should not be here – this is not good,'” he told the BBC.

“I thought the best way to deal with it is to make the vulnerabilities known so they can be fixed. Someone would have noticed it at some point. I just happened to be the person who made the connection.”

In his Twitter post, @Nrg8000 (Nathan Ruser) tweeted “Strava released their global heatmap. 13 trillion GPS points from their users (turning off data sharing is an option). https://medium.com/strava-engineering/the-global-heatmap-now-6x-hotter-23fc01d301de … … It looks very pretty, but not amazing for Op-Sec. US Bases are clearly identifiable and mappable” 

Although the location of military bases is generally well-known and satellite imagery can show the outline of buildings, the heatmap can reveal which of them are most used, or the routes taken by soldiers.

It displays the level of activity, shown as more intense light, and the movement of personnel inside the walls. It also appears that location data has been tracked outside bases – which may show commonly used exercise routes or patrolled roads.