Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

PSA: The AccuWeather iOS app sends location data even after you deny it access

By Marcus Wong - on 22 Aug 2017, 2:38pm

PSA: The AccuWeather iOS app sends location data even after you deny it access

Security researcher Will Strafach has discovered that the AccuWeather app is sending out your Wi-Fi router name and BSSID to a third party company Reveal Mobile even if you’ve previously denied it access to your GPS information.

Most weather apps will request for your location data to give you more localized alerts and updates, and for a faster launch time. However, Strafach discovered that AccuWeather also collects your precise GPS co-ordinates (including current speed and altitude), the name and BSSID of the Wi-Fi router your device is connected to, and whether your device has Bluetooth turned on or off.

Strafach states that during a testing period of 36 hours, his test iPhone sent that information to revealmobile.com a total of 16 times, or once every couple of hours. This led to Strafach investigating what Reveal Mobile does, and he found this on their website:

“Reveal Mobile turns location signals into audience data into mobile revenue. With or without ads. With or without SDK.”

In an article shared on their website, Reveal Mobile’s CEO Brian Handly also talks about how location data offers both online and offline retailers the capacity to gain insight into where a user lives, works and shops.  That’s to say, the locations where you will most likely be and at what time and day.

In a case study shared by the company, they also say this:

"Our technology sits inside hundreds of apps across the United States. It turns the location data coming out of those apps into meaningful audience data. We listen for lat/long data and when a device “bumps” into a Bluetooth beacon. The data shown on the following pages reflects 102,535 opted-in location sharing mobile devices that we saw at retail locations Friday, November 25th, 2016."

All well and good if you opted in, but Strafach found that the app sends out your Wi-Fi router name and BSSID even if you choose to deny it location information. That’s explicitly against the Terms and Conditions of the Apple Developer Program. The FTC has also previously investigated another company (InMobi) that attempted a similar action, forcing it to change its practices.

Strafach points out that Accuweather is specifically violating Apple's developer terms.

It remains to be seen what action will be taken by AccuWeather, but Strafach has found that the data-sharing functionality still remains even after the latest update. So if privacy is a concern, we’d recommend switching to another weather app for now.

Sources: Medium.com, US Federal Trade Commission, RevealMobile

Loading...