Strava’s updated global heatmap has revealed the location of sensitive military bases, with military analysts expressing concern over the weekend that the information could affect security.

As military personnel on the bases use Strava to log their cycling and running activities, details of the military bases are revealed – including how much activity there is within them.

Strava‘s heatmap is a visual representation of one billion of its users’ activities equating to 17 billion miles (27 billion kilometres). Every cycle ride, run or other activity is shown as a line, with multiple uses of the same route shown as brighter lines or points on the map.

Military personnel in a base, for example, could use the roads within a base for running and cycling. When uploaded to Strava and shown on the openly-accessible heatmap, the roads become very clear.

>>> From Colombia to Cumbria: The 16 most brutal Strava climbs anywhere in the world

The issue was noticed by Australian military analyst Nathan Ruser, who aired his concerns on Twitter.

“Strava released their global heatmap,” wrote Ruser. “13 trillion GPS points from their users (turning off data sharing is an option). It looks very pretty, but not amazing for Op-Sec [operational security]. US Bases are clearly identifiable and mappable.”

Ruser gave the example of forward military bases in Syria and Afghanistan, which showed up as clearly identifiable bright dots on Strava’s heatmap as in those regions almost all of the Strava activity is by visiting personnel.

As Ruser points out, personnel who wish to track their activities but keep them private could have changed their privacy and data sharing settings on Strava, but evidently have not done so.

Strava said in a statement: “Our global heatmap represents an aggregated and anonymized view of over a billion activities uploaded to our platform. It excludes activities that have been marked as private and user-defined privacy zones.

“We are committed to helping people better understand our settings to give them control over what they share. For more information about Strava privacy, please visit https://blog.strava.com/privacy-14288/.”

“If soldiers use the app like normal people do, by turning it on tracking when they go to do exercise, it could be especially dangerous.”

Posting an image of a route to and from a base, Ruser noted: “This particular track looks like it logs a regular jogging route. I shouldn’t be able to establish any pattern of life info from this far away.”

Some soldiers had also used Strava to log patrols, giving away details of routes taken by military personnel.

This is also true of British military bases. For example, personnel at MoD Boscombe Down in Wiltshire have also evidently been logging activities on Strava with routes around the sensitive military aircraft testing site shown as bright lines.