0
(Image: file photo)
AccuWeather is still sending precise geolocation data to a third-party advertiser, ZDNet can confirm, despite updating its app earlier this week to remove a feature that collected user’s location data without their permission.
In case you missed it, AccuWeather was until this week sending the near-precise location of its iPhone app users to Reveal Mobile, a data monetization firm — even when location sharing was switched off. Security researcher Will Strafach, who first reported the issue, also accused the company of sharing a user’s precise GPS coordinates under the guise of providing local weather alerts.
The news sparked outrage and anger. AccuWeather responded with a forced apology, which one leading Apple critic John Gruber called a “bulls**t response.”
However, tests conducted by Strafach show that the updated app, released Thursday, still shares precise geolocation data with a data monetization and advertising firm.
ZDNet independently verified the findings. We found that AccuWeather was still, with location sharing enabled, sending precise GPS coordinates and altitude albeit to a different advertiser, without the user’s explicit consent.
That data can be used to pinpoint down to a few meters a person’s location — even which floor of a building they are on.
(Image: ZDNet)
The data is sent to a server run by Nexage, now owned by AOL, which uses the data as part of its AdMax platform for increasing mobile advertising revenue. According to one of its pages, Nexage will use the location data “to ensure users receive the best quality ads and that publishers get the highest possible eCPM,” referring to the cost-per-mile metric for advertisers.
But at no point does AccuWeather’s updated app explicitly state that the location data will be used for advertising, a key criticism first noted by Strafach in his original disclosure.
Gruber said in his blog post that users who permit their location to be shared are doing so under “the guise of showing you local weather wherever you are.”
Strafach commented Friday that many of those who did not want their location data used for purposes besides local alerts are “still angry,” and noted that these concerns have gone “totally unacknowledged by AccuWeather.”
A rival weather app, Dark Sky, said in a blog post Wednesday that the monetization of customer’s location data is “a much larger — and more widespread — phenomenon.”
Dark Sky, which says it doesn’t and “never will” share its customers location data with third party advertisers or data monetization firms, posted several screenshots of emails they have received soliciting business to monetize their customers’ locations.
Adam Grossman, co-creator of Dark Sky, said in the blog post: “These companies all claim that the location data they collect is “anonymous”, and that it can’t be used to identify or track individual people — this is false,” he said.
“In fact, it’s trivially easy for one of these data monetization firms to put real names to the latitude/longitude pairs they receive,” Grossman added.
An AOL spokesperson did not provide by the time of publication. A spokesperson for AccuWeather did not respond to a request for comment. If that changes, we’ll update.
Contact me securely
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
Read More
ZDNET INVESTIGATIONS
Leaked TSA documents reveal New York airport’s wave of security lapses
US government pushed tech firms to hand over source code
At the US border: Discriminated, detained, searched, interrogated
Millions of Verizon customer records exposed in security lapse
Meet the shadowy tech brokers that deliver your data to the NSA
Inside the global terror watchlist that secretly shadows millions
FCC chairman voted to sell your browsing history — so we asked to see his
With a single wiretap order, US authorities listened in on 3.3 million phone calls
198 million Americans hit by ‘largest ever’ voter records leak
Britain has passed the ‘most extreme surveillance law ever passed in a democracy’
Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it
Leaked document reveals UK plans for wider internet surveillance
0