AccuWeather for iOS Caught Collecting Data Even When Users Ask It Not To

[CrAKeN]

 

AccuWeather is currently one of the top weather applications on mobile devices, so it should come as a big surprise that it might be violating Apple’s guidelines due to data collection running even when users specifically block it from doing this.

 

Security researcher Will Strafach has conducted an in-depth analysis of the way AccuWeather handles user data collection and discovered that even when users block the application from retrieving their location, some information is still being sent to RevealMobile, a company that helps mobile app developers “generate more mobile revenue,” as their own site explains.

 

When configuring AccuWeather on an iOS device, giving the permission to track the location to provide the forecast leads to certain data being collected and shared with RevealMobile, including the device’s precise GPS coordinates, the name of the Wi-Fi network the device is connected to, and the current status of the Bluetooth connection.

 

Data send when location tracking is off

And while this does make sense and it is even included in AccuWeather’s own privacy statement, which nobody reads when running the app for the first time, it’s more interesting to learn what the app does when location tracking is not granted.

 

RevealMobile still receives some information from the device AccuWeather is running on, including the Wi-Fi network SSID. While at first glance this appears to be harmless, RevealMobile could be able to track geolocation using Bluetooth beacons. From the company’s website:

 

Quote

“Our technology sits inside hundreds of apps across the United States. It turns the location data coming out of those apps into meaningful audience data. We listen for lat/long data and when a device ‘bumps’ into a Bluetooth beacon. The data shown on the following pages reflects 102,535 opted-in location sharing mobile devices that we saw at retail locations Friday, November 25th, 2016.”

 

At this point, neither Apple nor AccuWeather offered a statement on this analysis, but as the security researcher noted, similar behavior of mobile apps in the past has triggered an FTC investigation, so the forecast provider might be sitting on thin ice here.

 

Source