Pixel Envy

Written by Nick Heer.

AccuWeather’s iOS App Is Sending Location Information to a Data Monetization Firm

You’ll find AccuWeather near the top of the App Store charts for weather apps constantly, which raises the stakes of this advisory from Will Strafach:

The AccuWeather application for iOS requests location access under the premise of providing users localized severe weather alerts, critical updates, and faster launch time. Granting access to location information will also cause the application to send the following bits of information off to “revealmobile.com”:

  • Your precise GPS coordinates, including current speed and altitude.

  • The name and “BSSID” of the Wi-Fi router you are currently connected to, which can be used for geolocation through various online services.

  • Whether your device has bluetooth turned on or off.

Strafach also noticed that if you deny AccuWeather access to your location, Reveal Mobile will still get the WiFi router information, which can be used to derive your location.

Zack Whittaker, ZDNet:

For its part, Reveal Mobile executives said on a call last week with ZDNet that though company does collect Wi-Fi data and MAC address information, it “does not use it” for location data.

“Everything is anonymized,” said Brian Handley, the company’s chief executive. “We’re not ever tracking an individual device,” but described a situation where his company can point advertising to customers inside a Starbucks location, for example.

Just a few weeks ago, I linked to a piece in the Guardian by Alex Hern which showed that ostensibly anonymous web browsing data can be associated with individuals’ identity. I see no reason why that would be much different when collecting base station names at someone’s office, during their commute, and at home.

Whittaker again:

According to one AccuWeather executive, Reveal Mobile’s technology “has not been in our application long enough to be usable yet.”

“In the future, AccuWeather plans to use data through Reveal Mobile for audience segmentation and analysis, to build a greater audience understanding and create more contextually relevant and helpful experiences for users and for advertisers,” said David Mitchell, AccuWeather’s executive vice president of emerging platforms, on the call.

Even though it’s usually possible to get information about a product’s audience, it’s not always right to do so. In fact, if an explicit opt-in would make most users wince, I’d say that collecting deep analytics about them is ethically wrong.

To their credit, Reveal Mobile announced today that they are issuing an updated API that doesn’t collect any information that could be used to derive a user’s location — with the exception of IP addresses — if the user doesn’t allow the app to use location services.