Weather app AccuWeather caught red-handed sharing your info

Alain Brian
Août 23, 2017

First spotted by security researcher Will Strafach, the AccuWeather iOS app is alleged to send location data to the company along with details of the Wi-Fi router to which the phone is connected and its Media Access Control or MAC address.

Precise GPS coordinates, including current speed and altitude.

The data monetization firm markets its ability to "convert mobile location signals into high value audiences" and "generate more mobile revenue, with or without ads". If you do not grant AccuWeather access to your Global Positioning System information, it will still send your Wi-Fi router name and BSSID, providing RevealMobile access to less precise location information regarding your device's whereabouts.

During a testing period of 36 hours, specifically while the AccuWeather application was not in the foreground, my test iPhone (located on a desk in an office building) sent the above information to RevealMobile a total of 16 times, occuring roughly once every few hours.

Status of the device's Bluetooth connection (on or off). Location data also informs the home and work location of customers. "Traveling from home to work to retail to soccer practice to dinner is vital to knowing the customer, and represents the new opportunity of mobile location data", it says.

The "location data coming out of those apps" would your precise Global Positioning System coordinates (Access granted under a more reasonable guise of weather alerts), and Wi-Fi router name/BSSID. We listen for lat/long data and when a device "bumps" into a Bluetooth beacon.

More specifically, the iOS app is wrongfully giving away three things: Your precise Global Positioning System coordinates, the name and BSSID of your Wi-Fi router (which helps the firm track your geolocation), and whether your bluetooth is turned on. This practice by a different company appears to have previously caught the attention of the FTC.

"In the future, AccuWeather plans to use data through Reveal Mobile for audience segmentation and analysis, to build a greater audience understanding and create more contextually relevant and helpful experiences for users and for advertisers", David Mitchell, AccuWeather's executive vice president of emerging platforms, said.

An app sending data back to the company or related organizations is hardly new, but the case is notable because the AccuWeather app does so even when permission is not granted by the app user.

D'autres rapports CampDesrEcrues

Discuter de cet article