Posted on August 23, 2017 at 2:20 PM
AccuWeather App Knows Your Location Even When Your GPS is Off
In case you’re an iPhone user and you happen to have AccuWeather app, you might want to watch out because it seems that the app is up to something. Security researcher Will Strafach wrote a warning about the popular weather app’s behavior on Medium and got some people to really look into it.
Strafach wrote a Medium post in which he said that the app in question request location permission from users for reasons different than the ones we think – not to give them weather data customized to their location but to send pretty specific geodata to a third-party company RevealMobile.
I would find this less concerning if the AccuWeather's permission dialog mentioned tracking your home/work location, where you travel, etc.
— Will Strafach (@chronic) August 22, 2017
The app requests permission to find out your precise GPS coordinates, including current speed and altitude, as well as the name and BSSID of the Wi-Fi router you’re using at the given moment that is able to provide geolocation and if your Bluetooth is turned on or not.
Even if you turn your location data off for the app, it doesn’t stop it to get the data it wants. As Strafach’s Medium post notes, even without giving this information to the app, the app will still get your Wi-Fi router name and BSSID which will then let the application know your – a little less precise – location. This practice by a different company appears to have previously caught the attention of the FTC.
yes, if you don’t allow GPS access, still sends Wi-Fi BSSID and apparently uses Blurtooth beacons for geolocation. https://t.co/95oZMvE4tJ
— Will Strafach (@chronic) August 22, 2017
RevealMobile appears to specialize in mobile revenue and leveraging location data for ad targeting. As the company states on its homepage, understanding the path of a consumer is crucial to knowing the customer and represents the new opportunity of mobile location data.
For anyone a little more aware of privacy measures, this isn’t a surprise, but it still leaves you feeling somewhat uneasy. Due to the sheer popularity of the app, users trust it to send them accurate weather forecasts and not use their location for third-party data sales. Unfortunately, AccuWeather isn’t alone in these practices, says Strafach.
AccuWeather app’s team have been contacted for a statement and the following has been sent as a response.
The AccuWeather app’s spokesperson said that despite the stories going around, the app collects or passes no GPS coordinates if the user opts out of location tracking.
As for the other data, such as Wi-Fi network information that is not user information, it has been available on the Reveal SDK for a short amount of time, but the app itself never used it. In fact, AccuWeather was unaware the data was available to it. Accordingly, at no point was the data used by AccuWeather for any purpose.