AccuWeather Is Tracking You Even When You Don't Give It Permission

By Kate Conger on at

AccuWeather is sneakily getting access to your location data, even when you turn off location access to its app, and the company doesn’t plan to stop.

Security researcher Will Strafach discovered that Accuweather’s iOS app partners with a service called Reveal Mobile, which uses an iPhone’s wi-fi connection to track its precise location—even if the user has specifically opted out of sharing their location with Accuweather.

In testing AccuWeather’s app, Strafach found that it was surreptitiously shipping location data off to Reveal Mobile, including:

  • Your precise GPS coordinates, including current speed and altitude.
  • The name and “BSSID” of the Wi-Fi router you are currently connected to, which can be used for geolocation through various online services.
  • Whether your device has bluetooth turned on or off.

Strafach found that his test device was sending location data to Reveal Mobile every few hours during a 36-hour test period. “I watched it continue to ‘phone home’ with Wi-Fi info after disabling GPS permission,” Strafach tweeted. “I think ‘operating a network of code blobs embedded in apps which run in the background to track your location’ is creepy.”

Reveal Mobile’s website says it uses this location information to drive marketing campaigns to app users as they commute, eat out, or go shopping.

“In the future, AccuWeather plans to use data through Reveal Mobile for audience segmentation and analysis, to build a greater audience understanding and create more contextually relevant and helpful experiences for users and for advertisers,” David Mitchell, AccuWeather’s executive vice president of emerging platforms, told ZDNet. Gizmodo reached out to Mitchell and an AccuWeather spokesperson for comment and will update if they respond.

This is really lame and disingenuous. A good privacy rule is: Ff the information you’re collecting isn’t obvious to your users or subverts user choice (and no, burying a quick disclosure in the 50th paragraph of your terms of service doesn’t cut it), then you probably shouldn’t be collecting that information. [Will Strafach, ZDNet]


More Privacy Posts: