Zack Whittaker, reporting for ZDNet:
Popular weather app AccuWeather has been caught sending
geolocation data to a third-party data monetization firm, even
when the user has switched off location sharing. […]
Security researcher Will Strafach intercepted the traffic from an
iPhone running the latest version of AccuWeather and its servers
and found that even when the app didn’t have permission to access
the device’s precise location, the app would send the Wi-Fi router
name and its unique MAC address to the servers of data
monetization firm Reveal Mobile every few hours. That data can be
correlated with public data to reveal an approximate location of a
We independently verified the findings, and were able to geolocate
an AccuWeather-running iPhone in our New York office within just a
few meters, using nothing more than the Wi-Fi router’s MAC address
and public data.
In other words, if you deny AccuWeather permission to use the Location Services APIs on you iPhone, they’ll go around your back and send your Wi-Fi router name and the router’s MAC address to these shitbirds at Reveal Mobile, and they maintain a database that maps Wi-Fi routers to locations.
To me this is a one strike and you’re out situation. Apple should remove this version of the AccuWeather app from the App Store, and any of you reading this who have it installed should delete it from your devices and never re-install it. How can you trust them? There are plenty of excellent weather apps in the App Store that would never blatantly abuse your privacy like this. Off the top of my head: Dark Sky, Weather Line, and Carrot, to name just three. Also, the built-in Weather app that comes with iOS is really good and has gotten a lot better in the last few years.
★ Tuesday, 22 August 2017