Summits Yellow

AccuWeather caught sending location data to monetisation firm without permission

Tyrone Stewart

AccuWeatherPopular weather app AccuWeather has been sending geolocation data to a third-party firm which uses location data to help publishers and media companies generate more money via accurate mobile audience segments.

According to Verify.ly founder Will Strafach, when users accept location requests from the iOS version of the app they are also granting access to their location data to Reveal Mobile. This is despite AccuWeather not stating in the location requests that the data will be sent to a third-party monetisation firm.

Strafach’s research found that Reveal Mobile receives precise GPS coordinates – including current speed and altitude – the name and ‘BSSID’ of the wi-fi router the user is currently connected to, and whether the device’s Bluetooth is on or off.

During a 36-hour test period, Strafach discovered that, while the AccuWeather app was not in the foreground, it sent information to Reveal Mobile a total of 16 times.

Reveal Mobile turns location data from apps into ‘meaningful audience data’, according to its website. It listens for both latitudinal and longitudinal data and when a device ‘bumps’ into a Bluetooth beacon. It is said to sit inside hundreds of apps across the US.

Since the revelation, both AccuWeather and Reveal Mobile have released a joint statement.

“Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user.

“Other data, such as wi-fi network information that is not user information, was for a short period available on the Reveal SDK, but was unused by AccuWeather. In fact, AccuWeather was unaware the data was available to it. Accordingly, at no point was the data used by AccuWeather for any purpose.

“AccuWeather and Reveal Mobile are committed to following the standards and best practices of the industry. We also recognize this is a quickly evolving field and what is best practice one day may change the next. Accordingly, we work to update our practices regularly.

“To avoid any further misinterpretation, while Reveal is updating its SDK, AccuWeather will be removing the Reveal SDK from its iOS app until it is fully compliant with appropriate requirements. Once reinstated, the end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing. In the meanwhile, AccuWeather had already disabled the SDK, pending removal of the SDK and then later reinstatement.

“Reveal has stated that the SDK could be misconstrued, and they assure that no reverse engineering of locations was ever conducted by any information they gathered, nor was that the intent.”