AccuWeather might be spying on iPhone users without their permission.。 A security researcher recently discovered that the AccuWeather app for iOS was sending location information to a data monetization firm, even when users opt out of location tracking within the app.
。 The sketchy app behavior was first stumbled on by Will Strafach, a mobile security expert known for iOS hacking. Strafach only works to find vulnerabilities on iOS, so it's unclear if the app is pulling this stunt on Android users as well.。 What's strange about this particular discovery is that every iPhone user has the option to turn off location data for individual apps running the background. But AccuWeather is apparently disregarding this setting in order to send information to an ad firm named Reveal Mobile.。 Strafach discovered that even though he wasn't running AccuWeather in the foreground, it sent his personal location data to Reveal Mobile 16 times in just 36 hours after closing the app.。 Thanks for signing up! 。 More specifically, the iOS app is wrongfully giving away three things: Your precise GPS coordinates, the name and BSSID of your Wi-Fi router (which helps the firm track your geolocation), and whether your bluetooth is turned on.。 Strafach voiced his concerns on Twitter and took time to answer a few questions about the situation.。 Tweet may have been deleted
。 Reveal Mobile notes on its own website that this information helps the company understand where customers are at during the day in a way that is vital to knowing the customer.
。 "Location data also informs the home and work location of customers," RevealMobile writes. "Pairing this information with existing demographic targeting criteria allows retailers to target consumers with a high propensity to visit based upon two of their most relevant locations."。 Regardless of the reason, there's no excuse for exploiting a customer's wishes and privacy. So, if you're creeped out and annoyed to find out that AccuWeather is giving away your information without your permission, it might be time to switch to another weather app.。 Update August 23, 2017 (10:37 a.m. ET):。Update August 23, 2017 (10:37 a.m. ET): 。 AccuWeather and Reveal Media sent
。 Mashable
。 the following joint statement:
。 Reveal has stated that the SDK could be misconstrued, and they assure that no reverse engineering of locations was ever conducted by any information they gathered, nor was that the intent. AccuWeather will work with Reveal to restore the SDK when it has been amended and will continue to update its ULAs to be transparent and current with evolving standards. AccuWeather and Reveal continue to enhance methods for handling data and strive to provide superior, seamless, and secure user experiences. We are grateful to have a supportive community that highlights areas where we can optimize and be more transparent."。Strafach voiced his concerns on Twitter and took time to answer a few questions about the situation.
。
"Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user. Other data, such as Wi-Fi network information that is not user information, was for a short period available on the Reveal SDK, but was unused by AccuWeather. In fact, AccuWeather was unaware the data was available to it. Accordingly, at no point was the data used by AccuWeather for any purpose.。
AccuWeather and Reveal Mobile are committed to following the standards and best practices of the industry. We also recognize this is a quickly evolving field and what is best practice one day may change the next. Accordingly, we work to update our practices regularly. To avoid any further misinterpretation, Reveal is updating its SDK and pushing out new versions of the SDK in the next 24 hours, with the iOS update going live tonight. The end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing. In the meanwhile, AccuWeather had already disabled the SDK, pending that update.。