We can sometimes be a bit naive when it comes to smartphone security. We trust our apps and devices to adhere to our instructions, but that does not mean they are always listening to us. A security researcher recently discovered that AccuWeather might be spying on iPhone user without their permission.
Will Strafach is a mobile security expert who got his chops with iPhone hacking. He works to find vulnerabilities within iOS. He alarmingly discovered that the AccuWeather app for iOS was sending information to a data monetizing firm, disregarding the user opt out for location tracking within the app.
In his efforts to uncover the truth, Strafach found that AccuWeather sent his personal location data to an ad firm named Reveal Mobile 16 times 36 hours after he closed the app. He found that they are giving away three major pieces of information: your exact GPS coordinates, the BSSID and name of your Wi-Fi router further providing your geolocation, and if your Bluetooth is on.
According to Reveal’s website, the information they collect helps the company gauge where its customers are during the day so they can learn more about the customer. They say that it helps retailers target customers more closely.
AccuWeather and Reveal Mobile sent a statement to Mashable following the report. “Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user.
Other data, such as Wi-Fi network information that is not user information, was for a short period available on the Reveal SDK but was unused by AccuWeather. In fact, AccuWeather was unaware the data was available to it. Accordingly, at no point was the data used by AccuWeather for any purpose.”