Someone using a map app on their smartphone. I going to make a greatest artwork as I can, by my head, my hand and by my mind / Getty Images

Your favorite mapping app may be revealing more information than you realize.

The fitness app Strava could lead to users' home addresses being exposed, according to new research. It's part of a concerning trend of software that leaks data, experts say.

"Even when a mapping app like Strava aggregates and anonymizes such data, when that data is combined with other public information about a person, you can sometimes deanonymize that person," Brian Callahan, the graduate program director in the Information Technology and Web Science Department at Rensselaer Polytechnic Institute told Lifewire in an email interview.

Leaking Your Data

Strava is a fitness app where you can share your activities and stats with others for encouragement and competition. The app's map shows the route every Strava user takes with time stamps. Although data collection is anonymized, researchers from North Carolina State University's Department of Computer Science claim this information can be de-anonymized, revealing Strava users' locations, frequented routes, and identities. Strava hides activity data for private profiles in its database.

... seemingly anonymous data is not truly private and can leak information about users.

"The ability to identify the home address of Strava users is a violation of user privacy," the researchers wrote in their paper. "It demonstrates that seemingly anonymous data is not truly private and can leak information about users."

One concern is that criminals could use the leaked Strava information, Jon Clay, the vice president of threat intelligence at Trend Micro, told Lifewire via email. He said the map's street view could show details of the location on the map, and if this is your home, it could provide information to anyone looking to enter.

"The main challenge with privacy is that mapping apps want to show you as much information about the location as possible," he added. "The time the image was taken may introduce things that you don't want to be shown, like cars, people, entries, animals, etc."

This isn't the first time that online maps have spilled user information. For example, it was revealed that the NSA and its British counterpart GCHQ were using "leaky apps" like Angry Birds, Google Maps, Facebook, and Twitter to siphon user data.

Someone using a smartphone as a guide in a city. d3sign / Getty images

Another example is Baidu Apps, which were banned from Google Play in 2020 after researchers found that they leaked "sensitive" user data to a Chinese server. The apps had as many as 6 million users in the US alone, with tens or hundreds of millions more globally. The researchers claimed that the leaked data made users trackable, potentially over their lifetime.

Staying Safe from App Data Leaks

Users should be careful about oversharing data with apps like Strava, Richard Bird, the Chief Security Officer at the cybersecurity firm Traceable said in an email interview. He suggested you go into the privacy settings and assess the options with a "worst-case scenario" mindset.

"What pieces of information could a stalker, a thief, or any other kind of bad actor find useful?" he asked. "Think like a bad guy when it comes to your data, don't expect any of these types of companies to do the right thing or watch out for your privacy and safety concerns. History has shown they don't care."

If the mapping app allows, you can request to blur certain types of information like faces, homes, cars, and license plates, Clay said. Some apps can allow you not to share your information, but that option usually comes with limited features.

That said, for the average user, there are far easier ways to find their home addresses than to stalk their exercise data, Georgia Weidman, a security architect at the cybersecurity company Zimperium said in an email. The Strava researchers noted that they used voter registration data to verify their results.

"In many states, this data is public," Weidman added. "For many users, a simple Google search will reveal their address. However, for a user whose location's privacy is paramount, be it a deployed military member or someone on the run from an abusive spouse, data shared through social apps can lead to a personal security compromise and should be used with extreme caution."