A MOBILE app that allows its users to track their jogging or cycling routes has highlighted activity in and around military locations, such as the Clyde naval base at Faslane.

The heatmap of GPS data, showing the location of such bases and personnel around the world, was inadvertently published by the app’s developer, Strava.

People who create a free account can find other users who regularly use certain routes, potentially alerting terrorists or foreign powers to service personnel who may be on active duty.

HMNB Clyde – where the navy stores its nuclear weapons – is listed as one of the potentially sensitive locations around the UK, along with Sandhurst military academy and the government listening centre GCHQ.

The National:

A Strava spokesman said the heatmap “excludes activities that have been marked as private and user-defined privacy zones”.

“We are committed to helping people better understand our settings to give them control over what they share,” he added.

Anyone can create an account for free and find routes, or “segments”, around military bases.

The app also shows users who have publicly recorded their times on certain routes, and many people on social media have pointed out that anyone could use such information to find other social media profiles for soldiers, sailors or air force personnel.

Nathan Ruser, a student from Canberra in Australia, identified what he believed was a regular jogging route for soldiers in Afghanistan.

He told the Sydney Morning Herald: “Hopefully it’s a learning experience for the different military communities and they can toe that line between convenience and security.”

Others identified a US base in Nigeria and app users at Bagram air base in Iraq.

International security expert Jeffrey Lewis illustrated on the Daily Beast website how anyone could identify users at a military base in Taiwan and potentially find other bases as a result.

“If our user casually jogging by Taiwanese missiles day after day suddenly appears deployed to a new location, well that’s very interesting if you are targeting missiles for China’s Rocket Force,” he wrote.

Users can make their data private, but Lewis also raised concerns about whether data which has been set to private could be hacked.

Strava published a major update to the heatmap in November last year, including “six times more data than before”, but investigators only spotted the security breach at the weekend.

An MoD spokesman said: “The MoD takes the security of its personnel and establishments very seriously and keeps them under constant review.

“However, for obvious reasons we do not comment on our specific security arrangements or procedures.”