21 comments

[ 4.6 ms ] story [ 63.3 ms ] thread
Why does Apple even bother with being "serious" about privacy when they allow this shit in their app store? I guess when you keep billions of dollars off shore and the money keeps arriving by the truckful you just run out of fucks to give.
I am in contact with Apple regarding this situation and have provided all information that I have on hand. I am confident they will take action after they independently investigate and confirm.
Curious to hear how it turns out.
(comment deleted)
Very disappointing, this was my go to weather app. Any other recommendations? I'm using iOS in Australia, but also like an app that can track international weather.
I've been using Dark Sky for years now and very happy with it.
I used to use the BOM’s app, but I’ve gone back to using the default weather app as of iOS 11, I find it to be as accurate as anything else tbh.
The default app from the Weather Channel? That's owned by IBM.
(comment deleted)
If you're using a free service with no ads, then of course they are selling any data you give them access to.

This isn't really news.

What's not clear is if AccuWeather, which has an ad-free paid in-app-purchase, would still send this information even if someone opted out of ads that way. If this information was sent even from the paid users' devices, that would be even worse!

@willstrafach, any idea about this?

This is a very good point, I have not tested the behavior of AccuWeather for paying users.
I'm not sure as to what Apple could even do here. Make AccuWeather disclose this and be honest with its users in the app description? When we give away location information to any app, that information may go anywhere. It's probably a matter of luck that this particular app was sending it to a third party site directly and was "caught", but other apps may as well be sending it to their own servers, which in turn send them to many data brokers and ad targeters. We wouldn't know anything for the rest of them.

This seems like a complex problem to me, and it seems like the solutions cannot be technical alone. We would need to push for better policies and laws too.

We don't have to entirely rely on Apple doing something. The users have a voice also. I went on and left a 1 star review, explaining that the apps tracks your location and sells this data. If enough users would do this, it will send a strong signal to the developers that this shit in unacceptable.

As to what can be done to proactively prevent this kind of behaviour: eliminating the "use you location even when not using the app" option should be enough. I believe iOS 11 will have this.

Worth noting: If you deny it GPS access, the app will send your Wi-Fi BSSID and (apparently) uses Bluetooth beacons to track your location.
Can any app access Wi-Fi BSSID? Why isn't this restricted under location or another permission? Presumably apps can also use IP address for geolocation.
IP address is not too reliable, but you are correct, they could.

I do agree that BSSID should be shielded behind a permission, I believe Apple is deprecating that API anyway though, so it may be a non-issue in iOS 12.

This is why an app asking for my location is an instant no. The only exceptions are apps where location is the main feature (Google Maps, etc).
I think the interesting issue here is the legitimate reason for location access to be granted. They say it will allow you to get local severe weather alerts, so a decent number of folks may be interested in that and allow access, unaware AW is sending the GPS information to RevealMobile.
Are they subject to a class action lawsuit because of this?
LOL for what? I mean the technical answer is yes, it's pretty easy to sue for whatever you want.