Weather App AccuWeather Caught Red-Handed Sharing Your Info [UPDATE]
AccuWeather was just caught sending GPS coordinates, Bluetooth switch, and BSSID of local Wi-Fi routers to a third party. Granting this app access to location information on an iPhone has been found to send several pieces of information to data monetization group Reveal Mobile. While AccuWeather has an extremely large userbase with a strong rating on the Apple App Store, its innards seem to be doing something of which users aren't fully aware.UPDATE: AccuWeather and Reveal Mobile have released a joint statement which includes the following: "Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user." Further info can be found at the end of this article.
As Reveal Mobile's website says, "We convert mobile location signals into high value audiences. You generate more mobile revenue, with or without ads." That's meant to draw in developers of apps like AccuWeather. It seems to have done its job, as a definite connection between AccuWeather and Reveal Mobile has been plainly shown.
The security researcher that revealed this connection was Will Strafach, who suggested that AccuWeather is not the only app that runs a similar info-sharing setup. The app "Frank's Forecast Weather App" from KPRC 2 also runs an extremely similar setup with Reveal Mobile inside.
Reveal Mobile spoke with ZDNet last week on a similar matter, suggesting that "everything is anonymized," and that "we're not ever tracking an individual device."
"When GPS access is not allowed, the app sends the [Wi-Fi name] and possibly uses their Bluetooth beacon technology," said Strafach. "This seems especially problematic as their website plainly states that use of Wi-Fi information is for geolocation, and that seems a bit over the line for situations where the user pretty clearly does not wish to share their location"
While I don't see any reason why a user should be particularly worried about this situation, tracking without asking isn't nice. It's also against the rules, if you dig deep enough in Apple's developer terms. See the Apple Developer Program Information PDF to see what I mean.
UPDATE: AccuWeather and Reveal Mobile statement continued:
Stick around as this situation develops.