Some of the most popular. That’s the verdict from who examined the leading running apps five years apart and found only a few apps had improved — and not by much. Running a lot about you as you use them. Your health data, like your height and weight, are used to calculate how many calories you burn, and your can track your workout route from door to door. But in the wrong hands, this where you live or where you work. In 2018, Strava said it would simplify its privacy features to allow its users greater control over their data after researchers found Strava military bases and secret government facilities.
Now, researchers at U.K. cybersecurity firm Pen Test Partners say many of the topStrava, Runkeeper, MapMyRun, Nike Run Club, and Runtastic — still don’t use basic security measures to prevent hackers from breaking in or health and fitness data spilling out. Only Runtastic had set a more robust password policy over the past five years, while the other some of the most basic passwords like “123456” and “password,” the researchers found in their testing. Malicious hackers often automate accounts with known or easy-to-guess passwords. Worse, none of the to set up two-factor authentication, a feature that puts an additional barrier in place to prevent malicious hackers from reusing stolen passwords. shows even the simplest form of two-factor authentication can prevent most automated password reuse attacks.
We asked each app maker why they had not implemented two-factor authentication. None of the companies commented. The researchers also found that while Runtastic, Nike Run Club, and MapMyRun hadcontrols, Strava had seen “no significant change.” From their report: “Strava and Runkeeper are configured to share user data by default publicly. Changing these settings in the application is possible, but it takes some time to find and set them correctly, which is probably not the first consideration for a regular user.” “Nike Run Club, Runtastic, and MapMyRun [were] found to have better settings enabled, which means they do not share users’ data by default as the other applications do. They only share your training information with friends or followers,” the report said.