US military movements in Syria were revealed by location info available for purchase from smartphone apps, says a new report today. This included enough information to identify the location of an undeclared US military base in the country.

The sensitive location information was harvested from weather, games, and dating apps on the phones of US soldiers, and appears to include special ops personnel …

The WSJ said that the security breach came to light when a US contractor was working on software it hoped would enable the US to track the movements of Syrian refugees.

In 2016, a U.S. defense contractor named PlanetRisk Inc. was working on a software prototype when its employees discovered they could track U.S. military operations through the data generated by the apps on the mobile phones of American soldiers.

At the time, the company was using location data drawn from apps such as weather, games and dating services to build a surveillance tool that could monitor the travel of refugees from Syria to Europe and the U.S., according to interviews with former employees. The company’s goal was to sell the tool to U.S. counterterrorism and intelligence officials.

But buried in the data was evidence of sensitive U.S. military operations by American special-operations forces in Syria. The company’s analysts could see phones that had come from military facilities in the U.S., traveled through countries like Canada or Turkey and were clustered at the abandoned Lafarge Cement Factory in northern Syria, a staging area at the time for U.S. special-operations and allied forces […]

When PlanetRisk traced telephone signals from U.S. bases to the Syrian cement factory in 2016, it hadn’t been disclosed publicly that the factory was being used as a staging area for U.S. and allied forces. Moreover, the company could monitor the movements of American troops even while they were out on patrol—a serious operational security risk that opened units up to being targeted by enemy forces, according to the people familiar with the discovery.

PlanetRisk gave the WSJ access to historical data in areas where the US is no longer operating, allowing the paper to confirm the claims.

The Journal tracked the movements of people who appeared to be American special operators and other military personnel, just as PlanetRisk had.

Although PlanetRisk reported the issue to US officials, other companies are known to collect the same information – including data brokers selling to anyone with the cash to pay for it, foreign clients among them.

The US has since taken some precautions, such as banning the use of TikTok by those in sensitive locations, but the sheer number of apps collecting location data makes a complete solution next to impossible without prohibiting US overseas forces from using personal smartphones at all. Given that military personnel can be away for extended periods, and rely on apps to keep in touch with family and friends at home, that would be a draconian approach.

Senate Democrat Ron Wyden is working on legislation that would restrict the sale of US data to foreign countries. However, the easy commercial availability of such data would make it extremely difficult to determine the end buyer.

It is not the first time that commercially available location data from apps has been found to risk US military security.


About the Author

Ben Lovejoy's favorite gear