Fitness App Data Exposes Real-Time Movements of World Leaders Through Security Detail Profiles

A sweeping investigation published Thursday by the French newspaper Le Monde has revealed a significant operational security failure affecting the protection of the world’s most powerful heads of state, including President Joe Biden, Donald Trump, and Emmanuel Macron. The report demonstrates how open-source geolocation data gathered from the fitness tracking application Strava can be weaponized to track the precise movements of security personnel, thereby revealing the location of the leaders they protect. By identifying the public profiles of bodyguards within the U.S. Secret Service, the French GSPR, and even the Russian FSO, researchers were able to reconstruct “patterns of life” that inadvertently broadcasted the locations of classified hotels, diplomatic meeting points, and private retreats.

The investigation identified 26 active agents within the U.S. Secret Service and 12 members of the French presidential security group who regularly uploaded their running and cycling routes to the platform without applying strict privacy controls. While the leaders themselves do not use the app, their guards often engage in physical training in the immediate vicinity of the VIPs during downtime or prior to shifts. By correlating these timestamps and GPS coordinates with official schedules, journalists were able to pinpoint President Macron’s unannounced private trip to a seaside resort in Honfleur, Normandy, and track the movements of Melania Trump and Jill Biden with high precision. In one instance, the data revealed the location of a hotel in San Francisco where President Biden was staying for high-level talks with Chinese President Xi Jinping, hours before the president’s arrival.

This vulnerability stems not from a sophisticated software breach or a zero-day exploit, but from a fundamental failure in operational security (OPSEC) regarding the use of consumer technology by government personnel. Strava functions as a social network for athletes, encouraging users to share their performance data, which is then aggregated into “heatmaps” or visible on individual profile feeds. Despite the Pentagon banning deployed military personnel from using the app’s geolocation features in 2018—after similar data revealed the layout of secret U.S. bases in Syria—the ban has evidently not been effectively enforced or expanded to include domestic protective details. The investigation highlights that sophisticated surveillance requires no special hacking tools, only the ability to scrape and analyze publicly available metadata.

The U.S. Secret Service acknowledged the report in a statement to the press, asserting that its personnel are not permitted to use personal electronic devices while on active protective duty, but admitted that personal use during off-duty hours is not strictly prohibited. The agency claimed that the revealed data did not compromise any specific operations or pose a direct threat to protectees, though intelligence analysts argue that the ability to determine a security team’s hotel or perimeter establishes a predictable routine that hostile actors could exploit. Following the publication of the findings, the Secret Service stated it would review its policies regarding the use of location-tracking applications by its workforce.

The incident underscores the growing tension between personal digital privacy and national security in an era of ubiquitous surveillance capitalism. The leaked data included not just current locations, but years of historical archives, allowing observers to map the home addresses and family connections of the agents, creating potential vectors for blackmail or coercion. As consumer wearables and health-tracking devices become standard, security agencies are facing an increasingly complex challenge in scrubbing the digital footprints of their employees, whose digital exhaust can inadvertently compromise the safety of the world’s most heavily guarded individuals.