Weather forecast app AccuWeather was caught sending data about users’ whereabouts even when denied access to the location to a company named RevealMobile. Pressing button "don’t allow" in respond to its location request stops the app from receiving GPS coordinates, but still, lets it see and send the device’s MAC address and router’s identifier.
RevealMobile builds "high-value audiences" for advertisers by analyzing mobile location signals, detecting where people live and work, where they go throughout the day. "Pairing this information with existing demographic targeting criteria allows retailers to target consumers with a high propensity to visit based upon two of their most relevant locations", says RevealMobile. It claims that it harvests location data from "hundreds" of mobile apps. Security researcher Will Strafach, who draw public attention to AccuWeather’s roguery, found 40 popular apps that supply RevealMobile with geodata.
He emphasized that the problem is not AccuWeather’s sharing the location data itself, but doing that without users’ consent, and even more, against their refusal. Pressing the "don’t allow" button in response to a location access request, a person expects to keep this information away from third parties and advertisers, but their hopes are in vain. The ad companies receive less data if GPS tracking is off, but still enough for analyzing, combining with other data and using for ad targeting.
In a comment to TechCrunch, the AccuWeather’s representative claimed that the app’s team was unaware of RevealMobile’s getting the location data. They had access to it through their SDK. This is a software development kit, a set of third party tools that can be integrated into an app to enrich it with certain functions. "AccuWeather will be removing the Reveal SDK from its iOS app until it is fully compliant with appropriate requirements. Once reinstated, the end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing", the representative said.