Recently, there has been increasing scrutiny of weather apps and the data that they collect. There have been public outcries after investigations and research have revealed mobile apps are tracking the locations of their users even when they say no to sharing the location data.
In Los Angeles, City Attorney Mike Feuer filed suit in early January against TWC Product and Technology, the maker of the Weather Channel mobile app. He accused the app of â€œcovertly mining the private data of users and selling the information to third parties, including advertisers.â€
The complaint alleges that TWC used the geolocation tracking technology present in the app to monitor where users live, work, and visit, twenty-four hours a day, as well as how much time users spend at each location. The complaint further alleges that TWC led its users to believe that their location data would only be used to provide them with â€œpersonalized local weather data, alerts and forecasts.â€ Instead, TWC allegedly sends this information to affiliates of its parent company, IBM, and other third parties for advertising and other commercial purposes entirely unrelated to the weather.
IBMâ€™s initial response was to tell the New York Timesthat TWC â€œhas always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously.â€
The TWC app isnâ€™t the only weather app that faced questions about alleged surreptitious tracking of users. The â€œWeather Forecastâ€”World Weather Accurate Radarâ€ app (previously known as â€œWeatherâ€”Simple weather forecastâ€) is made by TCL Communication Technology Holdings of Shenzhen, China. Upstream Systems, a U.K. mobile commerce and security firm, told the Wall Street Journal last month that the app â€œcollects data including smartphone usersâ€™ geographic locations, email addresses and unique 15-digit International Mobile Equipment Identity (IMEI) numbers on TCL servers in China.â€
“In 2018, it was the sixth most popular weather app in the U.K. and in Canada, and in 2017 it was among the 20 most popular in the U.S., according to App Annie,” the Wall Street Journal reported. The app is only available on Google’s Android system.
And in August 2017, security researcher Will Strafach found â€œthe AccuWeather application for iOS requests location access under the premise of providing users localized severe weather alerts, critical updates, and faster launch time. Granting access to location information will also cause the application to send the following bits of information off to â€™revealmobile.comâ€™: Your precise GPS coordinates, including current speed and altitude. The name and â€˜BSSIDâ€™ of the Wi-Fi router you are currently connected to, which can be used for geolocation through various online services. Whether your device has bluetooth turned on or off.â€
He continued: â€œIf you do not grant AccuWeather access to your GPS information, it will still send your Wi-Fi router name and BSSID, providing RevealMobile access to less precise location information regarding your deviceâ€™s whereabouts.â€
ZDNet was able to verify the researcherâ€™s findings, saying it was â€œable to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router’s MAC address and public data.â€ Reveal Mobile is a company that provides information to advertisers.
After news reports revealed that the AccuWeather app was transmitting individualsâ€™ location data to Reveal Mobile even when the individuals did not allow location-tracking, a joint statement was released by the companies. â€œReveal is updating its SDK and pushing out new versions of the [software kit] in the next 24 hours, with the iOS update going live [Tuesday],â€ an AccuWeather spokesperson told ZDNet. â€œThe end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing.â€
Individualsâ€™ location data can reveal highly sensitive personal information â€“ your set patterns for work and home; your physician and dentist; your childâ€™s school or afterschool activities; or a detour to a medical center that focuses on substance abuse. There are significant privacy concerns surrounding location-tracking.
As always, any programs that collect such data need strong, publicly viewable rules that follow the Fair Information Practices: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability. Especially in some of these cases concerning weather apps, it is unclear if collection limitation, purpose specification, use limitation, openness, individual participation, and accountability were followed. It should not be that simply using a weather app means that your privacy is at risk.