AccuWeather dismissed a security researcher’s claims the popular weather app collects user data such as GPS coordinates and sends it to a third-party company called RevealMobile.
Researcher Will Strafach said the iOS version of the app requests location access “under the premise of providing users localised information” after which it collects GPS coordinates, including current speed and altitude, the name and address of the WiFi router a user is connected to, and records whether Bluetooth on their device is turned on or off.
Strafach said his iPhone sent this information to RevealMobile 16 times in 36 hours.
RevealMobile’s website says its technology sits inside hundreds of apps across the US and “turns the location data coming out of those apps into meaningful audience data.”
Strafach also noted AccuWeather will still send users’ Wi-Fi router name and address to RevealMobile even if they do not grant access to their GPS information.
Many users on Twitter said they would delete the app, but the company told TechCrunch if a user opts out of location tracking, no GPS coordinates are collected or passed without further opt-in permission from the user.
AccuWeather tracks you like an animal. Delete the app. https://t.co/JdXmhbQlWH
— Chris Vickery (@VickerySec) August 22, 2017
Delete AccuWeather from your phone RIGHT NOW. spyware! https://t.co/JveEQX6Mu2
— Charlie Stross (@cstross) August 23, 2017
It admitted other data was, for a short period, available on the Reveal SDK, but claims it was never used by AccuWeather and the company was unaware the data was even available to it.
“To avoid any further misinterpretation, while Reveal is updating its SDK, AccuWeather will be removing the Reveal SDK from its iOS app until it is fully compliant with appropriate requirements,” it said, adding: “Once reinstated, the end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing.”