AccuWeather app caught "red-handed" tracking location of users against their wishes

AccuWeather's been exposed sending user location data to a third party, even when the app is told not to access it. If you have the app installed, your exact location was shared with a company promising to turn that data into "mobile revenue."

Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission.

Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device.

Worse, the company issued a bad press release described by John Gruber as "a veritable mountain of horseshit." If the infraction was inadvertent as they claim, they made themselves look guilty as all hell by denying things they weren't accused of and pretending the information they sold was meaningless.

Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user.

The accusation has nothing to do with "GPS coordinates". The accusation is that their iOS app is collecting Wi-Fi router names and MAC addresses and sending them to servers that belong to Reveal Mobile, which in turn can easily be used to locate the user. Claiming this is about GPS coordinates is like if they were caught stealing debit cards and they issued a denial that they never stole anyone's cash.

That's the show, but the creepy lawyerspeak about "quickly evolving" privacy standards and becoming "fully compliant with appropriate requirements" is the tell. It's clear from this what the app is for: to get as much information about you as possible and sell it.

Shocking. If you have AccuWeather installed on your phone, throw out that trash right now.
It's all just aggregated from and the NOAA anyway!

P.S. Carrot is the fun weather app.