A security researcher has caught popular weather app AccuWeather sending user geolocation data to third-party advertisers even when location sharing is turned off.
Based on a report on ZDNet, security researcher Will Strafach intercepting traffic from an iPhone running the app found it sending information to third-party servers despite not having permission. AccuWeather was found sending the device's location, WiFi router and the unique MAC address to a data monetization firm, Reveal Mobile every few hours.
The report also digs up on the buyer of this information from AccuWeather, Reveal Mobile. ZDNet finds that the data firm is not a direct advertiser but instead helps provide data to advertisers.
Reveal in a brochure says that it turns the location data coming out of those apps into what it claims to be "meaningful audience data."
Will Strafach, a mobile security expert himself voices his concerns to ZDNet. He said, "When GPS access is not allowed, the app sends the [Wi-Fi network name] and possibly uses their Bluetooth beacon technology. This seems especially problematic as their website plainly states that use of WiFi information is for geolocation, and that seems a bit over the line for situations where the user pretty clearly does not wish to share their location," he said.
This would come as a major shock to users of the application which has a reputable impression on Apple's App Store along with being weather partners for numerous other applications as well.