advertisement
advertisement

AccuWeather issues statement on claims it was collecting and sharing location data against users’ will

The popular weather app and data monetization firm Reveal have issued a joint statement after security researcher Will Strafach found evidence that AccuWeather was still sharing Wi-Fi MAC address information with Reveal even after users opted out of sharing location data via the app. As CNet reported, it found that AccuWeather and Reveal could locate a user within meters of their location using their Wi-Fi and MAC address information. Reveal’s business model shares anonymized user location information with online advertisers. The findings Strafach revealed suggested that such location information was potentially still being shared after users’ opted out of doing so. Here’s AccuWeather and Reveal’s response:

Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user.

Other data, such as Wi-Fi network information that is not user information, was for a short period available on the Reveal SDK, but was unused by AccuWeather. In fact, AccuWeather was unaware the data was available to it. Accordingly, at no point was the data used by AccuWeather for any purpose.

AccuWeather and Reveal Mobile are committed to following the standards and best practices of the industry. We also recognize this is a quickly evolving field and what is best practice one day may change the next. Accordingly, we work to update our practices regularly.

To avoid any further misinterpretation, Reveal is updating its SDK and pushing out new versions of the SDK in the next 24 hours, with the iOS update going live tonight. The end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing. In the meanwhile, AccuWeather had already disabled the SDK, pending that update.

Reveal has stated that the SDK could be misconstrued, and they assure that no reverse engineering of locations was ever conducted by any information they gathered, nor was that the intent.

AccuWeather will work with Reveal to restore the SDK when it has been amended and will continue to update its ULAs to be transparent and current with evolving standards. AccuWeather and Reveal continue to enhance methods for handling data and strive to provide superior, seamless, and secure user experiences.

We are grateful to have a supportive community that highlights areas where we can optimize and be more transparent.

MG