A cyber security researcher claims the AccuWeather app, one of the most popular weather apps for the iPhone, was sending users' private location data to a data collection firm even when a user set preferences to stop sharing his or her location with the app.

According to research published by Will Strafach, a cyber researcher and founder of mobile security company Verifyly, the AccuWeather app was accessing user location even after a user denied it permission to do so. Strafach, who started tweeting about his findings on Aug. 17, said the app sent the Wi-Fi router name and its unique MAC address every couple of hours to the servers belonging to Reveal Mobile, a firm that helps companies convert user location signals into revenue. ZDNet verified Strafach's findings.

Collecting location data on users who have opted out of location sharing is against Apple's rules for app developers, Strafach tweeted. Back in 2016, the Federal Trade Commission lodged a civil complaint against mobile advertising network InMobi for tracking user location without permission. AccuWeather, during a call with ZDNet, said it was not doing the same thing as InMobi.

Other outlets report users are deleting their AccuWeather app.

In a public statement, AccuWeather said Strafach's findings were based on sources "not connected to the actual information."

"If a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user," AccuWeather insisted.

Reveal Mobile also issued a statement, saying it does not "attempt to reverse engineer a device's location" when location services are disabled. But after reviewing how its software development kit (SDK) behaved, the company said it realized the behavior could be "misconstrued" as accessing the location of a user who had opted out.

"In response to that, we've released a new version of our SDK, which will no longer send any data points which could be used to infer location when someone opts out of location sharing," Reveal said.

AccuWeather went on to describe the issue as a "misinterpretation" of what the companies were doing. It denied it ever used the data and stated that it was "unaware" the data in question was "available."

Despite the denial, AccuWeather, which was founded by Joel Myers in 1962, said it removed Reveal from its iPhone app until it is fully compliant with requirements.

"Once reinstated, the end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing," AccuWeather said.

Published on: Aug 23, 2017