An independent investigation by security researcher Will Strafach has revealed how AccuWeather is sharing user location even when location is turned off on an iPhone. The allegations are alarming given that AccuWeather is believed to have relayed the location data to a company called Reveal Mobile which specializes in gathering audience data for ad targeting. As of now, there is no evidence to suggest that the Android version of the app uses the same protocol.
Reveal Mobile executives, however, insist that the technology hasn’t been used to track individual users, although he spoke of how it could be used to target customers at popular locations such as coffee shops, restaurants etc.
AccuWeather basically grabs your geolocation when you turn on location sharing on your iPhone. However, Strafach’s research found that when location is turned off on the device, the app manages to send the Wi-Fi router name and its unique MAC address to servers belonging to Reveal Mobile. The CEO, Brian Handley, however, claims that “everything is anonymized”.
An AccuWeather executive went on to say that the company’s tech “has not been in our application long enough to be usable yet”, which is some solace for the users. However, it’s clear that both parties are in complete damage control mode right now, as is evident. Some users on social media sites are talking about deleting AccuWeather altogether in solidarity with Strafach and his findings.
Reveal Mobile, meanwhile, has published a statement on its site mentioning that the company follows “all app store guidelines, honoring all device level and app level opt-outs and permissions.”
Strafach went on to note the similarities between this case and one from 2013 which involved an Android app called “Brightest Flashlight” which shared location data and the device ID without prior permissions. AccuWeather quotes its legal team and mentions that there are no parallels between the two cases.
An AccuWeather spokesperson said “This is a quickly evolving legal field and what is best practice one day may change the next; and… we take privacy issues very seriously. We work to have our [terms of service and agreements] as current as the law is evolving and often beyond that which may be legally required to protect the privacy of our users.”