Strava announced this week that going forward, it’s restricting API access for some third-party apps. Although they’re careful to say that the change will cause “no impact to most developers,” many runners and cyclists are discovering that the change is, in fact, likely to kill features, and possibly entire apps, they’ve been depending on.
Here’s the breakdown on what you can expect.
What is Strava again?
Strava is an app used by runners and cyclists to track their training data, compete with other runners or cyclists on leaderboards, and draw maps based on where they and other Strava users like to run and cycle. I’ve crowned it the best running app out there, but also reported on privacy concerns inherent in its mapping tools.
Aside from these baked-in features, Strava is also popularly used to glue other apps together. All of your fitness trackers (and their associated apps) can probably sync to Strava, and a lot of coaching and analysis apps can pull data from Strava in turn.
What is Strava changing with their new data policy?
According to the announcement on Strava’s website, third-party apps that use Strava data may now only display a user’s own data, not anybody else’s. This means it’s fine for your Oura app to pull the time and distance of your latest run from your Oura Ring, but apps that aggregate multiple users’ data (for example, to build their own heatmaps or let coaches check on their athletes’ progress) will no longer be allowed.
Strava says, “Specifically, we want to thoughtfully address situations where users connect to a third-party app and are unaware that their data is being surfaced not just for their own use and visibility, but also to other users (for example, in a public feed or heatmap).”
The changes to the API terms also prohibit third-party developers from training AI on Strava data and seek to “protect Strava’s unique look and feel and functionality,” which seems to mean they are pulling certain features from their API so that third party apps can’t boast to have all the same features as the Strava app.
Which apps will be affected?
Tons of apps pull Strava data, and their developers have only just learned about the API changes, so I can’t give a complete list of affected apps just yet. Strava predicts that “less than 0.1% of applications” will be impacted, but if any of those are among the most popular fitness tracking apps, lots of users will be affected.
So here’s a little bit about what we do know: Coaching apps will be affected, since those apps have been pulling one user’s data (the athlete’s) to serve to another user (the coach). The developer of intervals.icu, one popular app for analysis and coaching, is urging athletes and coaches to change their app settings so their data goes directly to intervals.icu instead of going through Strava.
That’s a workaround that isn’t possible for everybody, though. The reason Strava was so popular for coaching and analysis apps is that there are tons of gadgets and devices that record workout data, from smartwatches to bike power meters. It’s impractical for small app developers to write code for every device a user might use, but easy for them to pull data from Strava.
So if you use Garmin devices and your favorite app can connect to Garmin, great. But if not, you may not be able to use those apps anymore. (That intervals.icu developer, for example, is hard at work getting Zwift integration up and running.)
The changes may also block any kind of analysis by third-party apps. According to DC Rainmaker’s reading of the new API terms, even simple calculations like “how many miles did I run this week?” could run afoul of the modified API agreement.
What you can do about this
Right now, if you use any apps that pull data from Strava, go to their associated website (or check your email) and see whether their developers have said anything about how they’ll handle things, given the Strava changes. You may be able to link your data directly, as in the Garmin and Zwift examples above, but that will depend on your particular devices, what apps you use, and what data you expect to see there. This complexity is exactly what using Strava as a data bridge was supposed to solve! Sadly, those days are apparently over.
I find it ironic that Strava is positioning this change as an important one for users’ privacy. While Strava’s privacy controls are complicated enough that people definitely could be sharing more information than they realize, that’s also true within Strava itself, and the company hasn’t done much to correct that issue.
As I’ve previously written, Strava’s “de-identified” data is still specific enough to doxx some individuals based on their running habits. When I asked the company to comment on that issue, they answered, “Public heatmaps (whether Weekly or Night) use only aggregated de-identified data—no personal information. Strava has a number of privacy settings in place to empower users to design their experience on our platform, including the ability to opt out of contributing to the Global Heatmap. We are committed to evolving these experiences with privacy at the forefront.”
But when your running route itself is what identifies you, stripping identifiers from running (or cycling) data doesn’t always truly anonymize it. And since only Premium users have access to Strava’s most precise mapping tools, free users can’t necessarily see how their data is being used. It seems Strava only recognizes these privacy issues when they’re happening on third-party websites, and it won’t fix the same problem when it’s happening in-house. (If any of this is concerning, you may want to check your privacy settings.)
