iOS Security News: Leading Weather App Found Sending Location Details to Monetization Firm Despite Inactive Sharing Settings
One of the leading applications on iOS and Android, AccuWeather, was reportedly found sending its users' location details to a monetization firm without permission and even while the location tracking system of the device was disabled.
AccuWeather gained popularity for being one of the most accurate weather forecast apps on the market. For it to work effectively, users are asked to allow the application to access the device's geolocation data so it can show the forecast for wherever they are.
However, smartphone users sometimes disable their location-sharing settings for a number of reasons, and privacy is one of them. According to reports, AccuWeather did not respect that setting, and, making matters worse, the geolocation data was allegedly forwarded to a third-party firm.
Security analyst Will Strafach shared his findings on Medium and stated that AccuWeather was forwarding collected data to a monetization firm called RevealMobile, a company that is not especially discreet about what it does.
According to RevealMobile's official website, they "convert opt-in mobile location signals into high value audiences." The company apparently does not shy away from the fact that its work involves collecting location data from smartphone users. However, it maintains that they "never attempt to reverse engineer a device's location when location sharing is disabled."
Unfortunately, those claims do not match Strafach's findings.
To support his research, Strafach conducted an experiment with a test iPhone over 36 hours. During this period, the security analyst stated that the AccuWeather app was certainly not running in the foreground of the test device.
However, despite that setup, AccuWeather still reportedly sent RevealMobile "precise GPS coordinates, including current speed and altitude, the name and 'BSSID' of the Wi-Fi router you are currently connected to, which can be used for geolocation through various online services, and whether your device has bluetooth turned on or off."
Strafach added that within his 36-hour experiment, the data was sent "to RevealMobile a total of 16 times, occurring roughly once every few hours."
It is still unclear whether AccuWeather operates the same way on Android devices.
Meanwhile, AccuWeather and Reveal Mobile released a joint statement on the matter.
"Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user," the statement read. It said that while the data in question was available for a short period on the Reveal SDK, AccuWeather did not know that was the case.
The statement added: "To avoid any further misinterpretation, while Reveal is updating its SDK, AccuWeather will be removing the Reveal SDK from its iOS app until it is fully compliant with appropriate requirements. Once reinstated, the end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing."