If you’re like millions of Americans, you use the AccuWeather app for iOS to keep up to date about whether the weekend’s forecast means fun in the sun or hiding out from the rain. It turns out that AccuWeather may have been monitoring your location even if you opted out of location tracking within the app.

More specifically, a security researcher recently published a warning that the AccuWeather app requests location permission from users to send geolocation data to a third-party company called Reveal Mobile, but even if a user opts out of sharing location data with AccuWeather, the app still collects that data and passes it along to Reveal Mobile. The researcher found that AccuWeather was sending three things to Reveal Mobile: users’ precise GPS coordinates, the name and BSSID of users’ Wi-Fi routers (which helps the firm track your geolocation), and whether users’ Bluetooth is turned on.

Reveal Mobile appears to specialize in mobile revenue and leveraging location data for ad targeting. “The value lies in understanding the path of a consumer and where they go throughout the day,” the company explains in a blog post on its homepage. “Traveling from home to work to retail to soccer practice to dinner is vital to knowing the customer, and represents the new opportunity of mobile location data.” Reveal Mobile also writes, “Location data also informs the home and work location of customers. Pairing this information with existing demographic targeting criteria allows retailers to target consumers with a high propensity to visit based upon two of their most relevant locations.”

In response to the researcher’s discovery and considerable uproar by users made aware of the practice, AccuWeather announced that it was ceasing transmissions of location data to Reveal Mobile when a user has opted out of location sharing. Downloading the latest app update should fix the location-sharing issue, and going forward, if you opt out of location sharing, the app should not pass on your geolocation information to Reveal Mobile.

AccuWeather is a popular forecast app, and one that users might trust to use their location for weather-related purposes rather than third-party data sales. However, AccuWeather isn’t the only app owner sharing this kind of tracking data in a less-than-transparent manner. A mobile advertising company agreed to a $950,000 settlement with the FTC in 2016 for the same practice, and Reveal Mobile boasts in a case study that its technology “sits inside hundreds of apps across the United States” and “turns the location data coming out of those apps into meaningful audience data.”

As always, before downloading the latest and greatest app, consider whether you are comfortable sharing detailed information about yourself, including your location throughout the day (and an easy inference based on such data: where you live and work). Yes, it may be convenient, but it may not be worth the encroachment on your privacy.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.