Recently, there has been increasing scrutiny of weather apps and the data that they collect. There have been public outcries after investigations and research have revealed mobile apps are tracking the locations of their users even when they say no to sharing the location data.
In Los Angeles, City Attorney Mike Feuer filed suit in early January against TWC Product and Technology, the maker of the Weather Channel mobile app. He accused the app of “covertly mining the private data of users and selling the information to third parties, including advertisers.”
The complaint alleges that TWC used the geolocation tracking technology present in the app to monitor where users live, work, and visit, twenty-four hours a day, as well as how much time users spend at each location. The complaint further alleges that TWC led its users to believe that their location data would only be used to provide them with “personalized local weather data, alerts and forecasts.” Instead, TWC allegedly sends this information to affiliates of its parent company, IBM, and other third parties for advertising and other commercial purposes entirely unrelated to the weather.
IBM’s initial response was to tell the New York Timesthat TWC “has always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously.”
The TWC app isn’t the only weather app that faced questions about alleged surreptitious tracking of users. The “Weather Forecast—World Weather Accurate Radar” app (previously known as “Weather—Simple weather forecast”) is made by TCL Communication Technology Holdings of Shenzhen, China. Upstream Systems, a U.K. mobile commerce and security firm, told the Wall Street Journal last month that the app “collects data including smartphone users’ geographic locations, email addresses and unique 15-digit International Mobile Equipment Identity (IMEI) numbers on TCL servers in China.”
“In 2018, it was the sixth most popular weather app in the U.K. and in Canada, and in 2017 it was among the 20 most popular in the U.S., according to App Annie,” the Wall Street Journal reported. The app is only available on Google’s Android system.
And in August 2017, security researcher Will Strafach found “the AccuWeather application for iOS requests location access under the premise of providing users localized severe weather alerts, critical updates, and faster launch time. Granting access to location information will also cause the application to send the following bits of information off to ’revealmobile.com’: Your precise GPS coordinates, including current speed and altitude. The name and ‘BSSID’ of the Wi-Fi router you are currently connected to, which can be used for geolocation through various online services. Whether your device has bluetooth turned on or off.”
He continued: “If you do not grant AccuWeather access to your GPS information, it will still send your Wi-Fi router name and BSSID, providing RevealMobile access to less precise location information regarding your device’s whereabouts.”
ZDNet was able to verify the researcher’s findings, saying it was “able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router’s MAC address and public data.” Reveal Mobile is a company that provides information to advertisers.
After news reports revealed that the AccuWeather app was transmitting individuals’ location data to Reveal Mobile even when the individuals did not allow location-tracking, a joint statement was released by the companies. “Reveal is updating its SDK and pushing out new versions of the [software kit] in the next 24 hours, with the iOS update going live [Tuesday],” an AccuWeather spokesperson told ZDNet. “The end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing.”
Individuals’ location data can reveal highly sensitive personal information – your set patterns for work and home; your physician and dentist; your child’s school or afterschool activities; or a detour to a medical center that focuses on substance abuse. There are significant privacy concerns surrounding location-tracking.
As always, any programs that collect such data need strong, publicly viewable rules that follow the Fair Information Practices: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability. Especially in some of these cases concerning weather apps, it is unclear if collection limitation, purpose specification, use limitation, openness, individual participation, and accountability were followed. It should not be that simply using a weather app means that your privacy is at risk.