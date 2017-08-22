Popular Weather App AccuWeather Caught Sending User Location Data, Even When Location Sharing is Off (zdnet.com) 51
Zack Whittaker, reporting for ZDNet: Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing. AccuWeather is one of the most popular weather apps in Apple's app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn't say is that it sends sensitive data to a firm designed to monetize user locations without users' explicit permission. Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn't have permission to access the device's precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user's device. We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router's MAC address and public data.
Ah, there you are. Where did you go? On a fucking vacation? We need to see your pointless crap at the start of each thread otherwise it doesn't feel like Slashdot anymore.
Anyway, welcome back.
I'm still trying to figure out why people download and install executables to do simple tasks that I do in a web browser.
I blame the stupid Apple ad telling us "There's an App for that"
In terms of security, I don't think there's much difference between using the browser and using the app.
MAC address (unique to every network interface), not SSID. MAC address is contained in the IP packet, and is not private information. If you/your router has communicated with any server, that server can record its MAC address, and assign it with a geographic location your phone has already transmitted prior, or use an estimate location (i.e. whatismyipaddress.com).
This obviously needs to be locked behind a permission prompt like location is. *sigh* This is why we can't have nice things....
Deleted (Score:2)
Damnit! I really like the AccuWeather app.
Now it's uninstalled.
Is it really so hard to make money with an app that user data has to be stolen to make a profit?
No VC will touch a business unless it sucks data, slings ads, or both.
Which is part of why VCs are actively harmful to society at large.
Don't worry, most of them will be wiped out in the next 5 years.
They knew this, even in Hollywood back in 1987:
(in regards to a company being labeled a sure thing)
"No such thing except death and taxes. No fundamentals, not a good company any more. What's going on, Bud? You know something? Remember there are no shortcuts, son. Quick buck artists come and go with every bull market, but the steady players make it through the bear market. You're a part of something here, Bud. The money you make for people creat
Accuweather is a free app. We don't pay for it, yet they have to run infrastructure, collect data, and other things that cost money. How do you think they pay for that? You aren't their clients. You're just part of their data set.
Display ads, don't steal user data.
The Weather Channel app displays ads; and, while the app could stand a bit of UI tweaking in my opinion, their forecasts are supposedly top-notch (according to Professor Cliff Mass).
Display ads, don't steal user data.
...and offer me an option to buy an ad-free version. If your product is worth it, I will gladly pay a reasonable amount to get rid of the ads.
I don't mind ads as long as they're well-behaved. My problem is the tracking that comes with them. There are an awful lot of apps (and websites) that allow you to pay money to disable ads, but the tracking continues to take place anyway.
The copy of Accuweather I use is paid... Definitely not a freebie. In any case, the app is history for now.
That's fine -- but in this case, the app is intentionally circumventing the user's express wishes and giving the impression that the user's wishes are being honored.
That's deceptive. An honest app would just refuse to run until you gave it the permissions that it demands. It wouldn't engage in hacks like this.
To get people's consent.
https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/enforcing-privacy-promises [ftc.gov]
So, went on an eclipse mini-vacation and I guess drove near the vicinity of a some trigger point. The caller was asking for another name, but still proceeded to sell me a pitch for a vacation spot I had "driven past." Now, was it my credit card company, the cell phone company, or the data-only account on my tablet who was responsible for leaking my location in real time to a vendor?
Possibly all three with an AI mediated auction to see which one was allowed to sell you out first. Welcome to the future; it was yesterday.
To a certain degree, it doesn't matter which it was. Your phone is clearly leaking data to somebody, and you probably want to fix that.
If you're running Android and have updated to a reasonably recent version of Google Maps, then that's probably your problem. They added a "feature" to allow this. If that's the cause, they did also add a new option to disable it, or (better) you can disable location services, or (best) you can uninstall the app entirely.
DROP TABLE location;
I got much better battery life after I removed the AccuWeather app from my phone (months ago). I thought it was doing something other than downloading ads all day.
You can block specific apps (or all apps) from running in the background on iOS...
we take privacy issues very seriously," the spokesperson said. "We work to have our [terms of service and agreements] as current as the law is evolving and often beyond that which may be legally required to protect the privacy of our users."
If you're only doing what's "legally required", then you aren't, in fact, taking privacy issues "very seriously".
Google runs Apple's app store now?
Only idiots or some robot would mod them up to a 4 star.
Seriously, accuweather is about the WORST forecast going.
Only idiots or some robot would mod them up to a 4 star.
I use Weather Pro. Granted it's an app that you have to buy, but it's been very accurate for me. I was on vacation in north eastern Canada and the weather that it predicted for at least the next 48 hours was the weather that we got. The northeast is notorious for it's unpredictable weather.
Thanks. Any weather app recommendations? (Score:1)