Popular weather app harvests unusual amount of personal data, security experts warn

Weather Forecast appA popular weather app built by Chinese developers has reportedly been collecting ‘unusual’ amounts of data from users.

According to research from London-based security firm Upstream Systems, first reported by The Wall Street Journal, the ‘Weather Forecast – World Weather Accurate Radar’ app collects information including locations, email addresses, and International Mobile Equipment Identity (IMEI) numbers.

The app, which is only available on Android devices, has been downloaded more than 10m times and made by TCL Communication Technology Holdings. TCL manufactures Alcatel and Blackberry-branded smartphones, both of which come with the weather app pre-installed.

In addition to collecting unnecessary data, the app has also attempted to subscribe more than 100,000 users of its Alcatel smartphones to paid virtual reality services without their permission. These users – in countries such as Brazil, Malaysia, and Nigeria – would have been billed more than $1.5m had Upstream Systems not blocked the attempts, according to the security firm.

TCL has now stopped attempting to subscribe users to its services without their knowledge but continues to collect personal information. The company told The Wall Street Journal that it already has several security safeguards in place, but it would now begin “evaluating new security consultants who can provide additional validation of the safety of our mobile applications we develop”.

The weather app has been hugely popular around the world – having ranked in the top five weather apps in 30 countries, according to App Annie. In 2018, it was the sixth most popular weather app in the UK and in Canada. Meanwhile, in 2017, it was in the top 20 most popular in the US.