Trapster, the popular smartphone app that lets people identify speed traps and road hazards as they drive around, boasts more than 20 million users. How many of them would keep using Trapster if they knew how easy it is for other users to track their movements?
The app has recently come under fire from tech journalists and privacy advocates who say a Trapster feature that traces users' lines as they drive around could easily be used to track them, provided they know just a little bit about where they live or where they've been. As a result, the company says they've issued a fix, but critics — and a Jalopnik test of the app done in Washington D.C. — say otherwise.
Trapster is a relative old-timer as far as smartphone apps go. First launched in 2007, later sold to Nokia, and subsequently updated over the years, it allows users to upload information about police speed traps, car crashes, red light cameras, and at one point, DUI checkpoints so that other Trapster users are aware of perils on the road. (The DUI checkpoint feature was removed in 2011.) It uses GPS information to alert these users about what lies ahead.
At one point the award-winning Trapster was one of the most downloaded map or automotive apps on multiple platforms, but in recent years it has been eclipsed by traffic app Waze, which boasts a significantly larger user base of 50 million people.
But the new controversy relates to a Trapster feature called "Patrol Lines," which displays as blue lines on a map the individual routes of each user while they travel the roads with Trapster running in the background. The lines show up whether the user has reported anything or not. They also appear whether or not a Trapster user has a proper username or uses his or her name, and they stay there for two hours.
In other words, if you know where a Trapster user lives — or if you get them to download the app, or even put it on their phone surreptitiously — you can easily use the app as a tracking device.
"Let's say I meet a girl in a bar and tell her about Trapster and how it's great for avoiding speed traps and DUI checkpoints," said tech writer Steve Kovsky, who was recently interviewed by San Diego TV station ABC 10 News about the issue and later spoke with Jalopnik. "Maybe I even help her download the app and turn it on. After that, it's game on: I could see when she leaves the bar, and where she goes, presumably following her right to her house."
If someone can get a person to download Trapster or even put it on their phones surreptitiously, they have a way of following their blue lines of travel anywhere. And no, the user — like the hypothetical woman Kovsky used as an example — does not have the option of turning the blue lines off.
"Once I know where she lives and works, which the patrol lines would clearly tell me, I can stalk her at will on Trapster," Kovsky said.
The Patrol Lines feature has been a part of Trapster since at least 2010, but older versions of the app made the lines disappear when a user's speed dropped below 30 mph so that in theory a user couldn't, say, follow a person directly to their house. Until recently, newer versions of Trapster showed the user's entire patrol line regardless of speed.
"If the app is active, it's tracking you," Kovsky said. "Many (if not most) people don't regularly go back and close all the apps they use in a day. A person could theoretically install once, open Trapster, and then have it remain resident on their smartphone for weeks, tracking their every move without them having the slightest idea. You have to manually close the app to stop the tracking."
Tech writer and early Google Glass adopter Robert Scoble was among the first to point out this potentially dangerous issue, one he said "is a case where a product designer hasn't put enough privacy into the system and isn't clear enough with the risks involved."
And the stalking scenario I described above isn't a hypothetical — Scoble and a friend, a fellow Trapster user, actually experienced it, and then Scoble went out and did it himself.
Here's what Scoble wrote:
The thing is this blue line sticks around for hours (I believe two, in my testing) and can be captured as a friend did on my account. He called me after I reported a cop and said "hey, did you just make a U Turn?"
Why yes I did. "Oh, how did you know that?" I asked. "I'm watching you on Trapster."
Turns out that because Trapster has so few users it's easy to "stalk" individual users based on these blue lines (I have several examples of where friends of mine and I have "stalked" users as they drive around town in real time). Especially if they use their real name as their user name, like I do.
But even if not, if you know where someone lives or works you can easily figure out who different blue lines belong to. I did this to one employee who works at Trapster as I watched him drive home. These blue lines even continue after you stop driving and I can see what stores you visited and where you walked, even.
ABC 10 News was next to look into Trapster, and using the app they were able to track their staff members' movements across town in vivid detail and in almost real time.
Team 10 installed Trapster on two smartphones, keeping one phone at the station and sending the other one out on the road. Team 10 was able to track another user's entire trip — not in real time, but pretty close.
A satellite view showed them going into a parking lot and looping around an ATM.
"It leaves an electronic trail of breadcrumbs wherever you go," said Kovsky.
So then Jalopnik — namely, me, my iPhone with Trapster running, and the Mercedes CLA45 AMG I'm currently testing — tried to do the same thing. My goal was to see if other Trapster users could follow me as I drove around Washington D.C. I recently installed Trapster on my phone, and while I don't put out my name or have a username at all, my line still shows up as I drive around town.
And as I left my apartment, traveled west on Interstate 395 and then northwest on the George Washington Memorial Parkway before looping around on Interstate 495 and coming home a different route, friends in D.C. and California were able to track my every move.
In fact, the blue lines display whether Trapster is running in the foreground or not. At one point the app crashed while I was driving, so I (as safely as I could) turned it back on moments later, hence the gap in the blue line along the Parkway.
Currently, Trapster only allows users to see Patrol Lines within a 30-mile radius of where they are at the moment. A person in D.C. can't see where drivers are in New York, for example. But the app didn't always work this way. Older versions allowed users to see blue lines anywhere they wanted.
My friend in California has an older version of Trapster, and he was able to track my entire route from start to finish from thousands of miles away. That big blue line that goes up and loops around? That's me. The big J marks where I finally turned the app off before driving home. I was tired of being followed for one day.
All of this illustrated just how easy it is to turn Trapster into a tracking program, provided you know a little bit about where a user lives or even just where they start their journey. Do you suspect your wife of cheating on you? Put Trapster on her phone and see where she goes. Want to make sure your employees are where they say they are? Tell them to put Trapster on their phones and watch them drive around. The app makes it all very simple to do.
Jalopnik has reached out to Trapster for a comment. The company issued a statement to ABC 10 News that said the Patrol Lines exist so users can prove that the speed traps and other road hazards they report are in fact real. They also say the lines are truncated at the beginning and end of a journey to hide a home or office, but this wasn't my experience when I used the app.
Trapster also said they reinstated the fix where the lines end when a driver drops below 30 mph:
However, we read comments about these lines continuing inside a parking lot or a mall where a user is actively using Trapster in those locations. This is indeed not how Trapster was intended to work. The application should not record patrol lines when a user is traveling at a speed slower than 30 miles per hour and we have immediately taken action to ensure that this rule is enforced in all cases.
And this change was in effect when I used the app. But even so, look at the maps. Don't you think if you wanted to track someone you could get a very good idea of where they're going and where they've been?
"It's moving in the right direction," Kovsky said, "But yes, you could still stalk someone. I only have to drive about 500 feet from my house before I would hit 30 mph, and if I were going to my office, the line would continue (with a few short breaks for stop signs) all the way to the entrance of our parking lot. That's plenty of breadcrumbs for a determined stalker to follow."
Update: A spokeswoman for Trapster returned a request for comment from Jalopnik and said that a version of the app that allows Patrol Lines to be turned off will be released soon.
"Privacy is our number one goal," she said. "If there is something people feel uneasy with, we need to tighten our safeguards."
Here is the statement Nokia sent in response:
We carefully analyzed recent reports that expressed some criticisms towards our Trapster service.
People can use Trapster to report on and be alerted about speed cameras, accidents and road hazards. While some users may choose to log in and report new information, all users gain confidence when they know that their routes have already been 'patrolled' by other users for traps like these. To communicate this we devised the 'patrol lines' feature to anonymously show the recent driving activities of other users. These lines are temporary, not connected to personal information, and are truncated at the beginning and the end to hide sensitive places such as office and home. People's locations are also delayed, so that real-time tracking is impossible.
We also reviewed comments about these patrol lines continuing inside a parking lot or a mall where a user is actively using Trapster in those locations. This is indeed not how Trapster was intended to work. The application should not record patrol lines when a user is traveling below normal driving speed for more than a few minutes. Simply dropping below a speed limit for a few moments as shown in some tests is very similar to the pattern of stop and go traffic and should not terminate the line. We use a time-out feature to properly distinguish between driving and non-driving behavior.
We appreciate feedback on how to improve our service and we want to make sure everyone understands how it works, which is why we regularly get in touch with the people using Trapster to get feedback on such features. The response to the patrol lines feature has been quite positive and we look forward to clarifying its function to a broader audience and also providing users a better ability to opt in and out of this and other features in upcoming releases of the software.
HERE, a Nokia business, is committed to respect privacy and to comply with applicable data protection and privacy laws. All location information we collect is used for the sole purpose of improving our maps and location-based services. We don't sell such information to third parties nor do we use it to drive advertisement revenue.
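To put numbers on the two safeguards discussed above, here is an added example (not Trapster's or Nokia's code) that compares the 30 mph speed gate with trimming the line by distance from the trip's first and last position. The trace, the flat x/y coordinates in feet and the half-mile trim radius are constructed assumptions, with the driver reaching 30 mph about 500 feet from home as in Kovsky's description.

```python
import math

# Constructed trace, not real data: (seconds, x_ft, y_ft, speed_mph).
# Home is at (0, 0); the office car park is at (9000, 0).
TRACE = [
    (0, 0, 0, 0), (10, 150, 0, 15), (20, 500, 0, 30), (40, 1500, 0, 35),
    (60, 2600, 0, 35), (70, 2900, 0, 5),   # brief stop sign
    (80, 3100, 0, 30), (140, 6000, 0, 35), (200, 8600, 0, 30),
    (210, 8900, 0, 12), (220, 9000, 0, 0),
]

def _dist(p, q):
    """Planar distance in feet between two fixes."""
    return math.hypot(p[1] - q[1], p[2] - q[2])

def speed_gate(trace, min_mph=30):
    """Publish only fixes recorded at or above min_mph (the rule in the article)."""
    return [p for p in trace if p[3] >= min_mph]

def trim_endpoints(trace, radius_ft=2640):
    """Assumed alternative: drop fixes within radius_ft of the first or last fix."""
    start, end = trace[0], trace[-1]
    return [p for p in trace
            if _dist(p, start) >= radius_ft and _dist(p, end) >= radius_ft]

def exposure_ft(trace, published):
    """How close the published line gets to the true origin and destination."""
    start, end = trace[0], trace[-1]
    return (min(_dist(p, start) for p in published),
            min(_dist(p, end) for p in published))

if __name__ == "__main__":
    for name, policy in (("speed gate", speed_gate),
                         ("endpoint trim", trim_endpoints)):
        print(name, exposure_ft(TRACE, policy(TRACE)))
```

On this trace the speed gate still publishes a point 500 feet from home and 400 feet from the office, while the half-mile trim keeps the published line at least 2,900 feet from either end.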