But the US Secret Service told the newspaper that it doesn’t believe the protection it provides was in any way compromised.
Le Monde found that some US Secret Service agents use the Strava fitness app, including in recent weeks after two assassination attempts on Trump, in a video investigation released in French and in English.
Strava is a fitness tracking app primarily used by runners and cyclists to record their activities and share their workouts with a community.
Le Monde also found Strava users among the security staff for French President Emmanuel Macron and Russian President Vladimir Putin.
In one example, Le Monde traced the Strava movements of Macron’s bodyguards to determine that the French leader spent a weekend in the Normandy seaside resort of Honfleur in 2021. The trip was meant to be private and wasn’t listed on the president’s official agenda.
Le Monde said the whereabouts of Melania Trump and Jill Biden could also be pinpointed by tracking their bodyguards’ Strava profiles.
In a statement to Le Monde, the US Secret Service said its staff aren’t allowed to use personal electronic devices while on duty during protective assignments but “we do not prohibit an employee’s personal use of social media off-duty.”
“Affected personnel has been notified,” it said. “We will review this information to determine if any additional training or guidance is required.”
“We do not assess that there were any impacts to protective operations or threats to any protectees,” it added. Locations “are regularly disclosed as part of public schedule releases.”
In another example, Le Monde reported that a US Secret Service agent’s Strava profile revealed the location of a hotel where Biden subsequently stayed in San Francisco for high-stakes talks with Chinese President Xi Jinping in 2023. A few hours before Biden’s arrival, the agent went jogging from the hotel, using Strava which traced his route, the newspaper found.
The newspaper’s journalists say they identified 26 US agents, 12 members of the French GSPR, the Security Group of the Presidency of the Republic, and six members of the Russian FSO, or Federal Protection Service, all of them in charge of presidential security, who had public accounts on Strava and were therefore communicating their movements online, including during professional trips. Le Monde did not identify the bodyguards by name for security reasons.
It said movements trackable on Strava could lead to security breaches, especially when security agents travel in advance to places like hotels where leaders then stay and hold meetings.
Macron’s office said Monday that the consequences of the issues reported by Le Monde “are very slight and in no way affect the security of the President of the Republic.”
Local authorities are aware of Macron’s movements ahead of time and the places where Macron is staying are always fully secure, “so the risk is non-existent,” the statement said.
“A reminder was nevertheless issued to agents by the chief of staff asking them not to use this app,” Macron’s office added.
Messages left with the Trump and Harris campaigns as well as the White House were not immediately returned Monday.
The security risks associated with fitness apps show the need for better regulations on how tech companies can use consumer data, according to Ibrahim Biggili, a computer scientist and professor of cybersecurity at Louisiana State University.
Biggili’s research has exposed how bad actors could use fitness app data to track potential victims — creating risks for stalking, robbery and other crimes.
Consumers often grant app developers the right to use or sell their data when they agree to the terms of service, he said.
“Companies love our data, and we love the product, so we give away the data for free,” he said. “The government really needs to start cracking down on how data can be used and how long it can be retained.”
Identifying the presidential bodyguards — some of them using their full name on Strava — could also help in finding other details about their personal addresses, their families, their movements, and photos they posted on various social media, all of which could possibly be used to put pressure on them for malicious purposes, the report stressed.