Now, many are aware that the developers of various applications and services provide the ability to send information about their users or customers to third parties. This may be an advertising network, a company or an analytical agency. Many developers and publishers do this, hiding behind the fact that all the information that is sent is impersonal.
Information security specialists have been caught many times in such services or applications, which it is impossible to think that they are doing something similar. A similar case was revealed the other day, and the situation cannot be called an ordinary one - AccuWeather
, an iOS application
from many users of mobile devices and PCs, gives
third-party user data to a third-party user.
This application itself requests access to the collection of information about the user (including its location), justifying this by saying that the program will allegedly give correct warnings about weather problems, be updated or generally work more efficiently.
In order for the application to be able to do all this, the following information is required (the program collects this data after obtaining the appropriate permission):
- Accurate GPS coordinates, including the current location of the user and the speed of his movement;
- The name of the wireless access point the user is currently connected to. This information can also be used to clarify geolocation;
- Read device activity information.
Representatives of the online media Medium decided to check
how safe this application is. As it turned out, within 36 hours it sent the above data 16 times to the company's servers. So it is quite possible to say that user information is sent to the server of the company owning the program every few hours.
Information, by the way, is sent to the company Revealmobile. It is engaged in Internet advertising and marketing. In particular, on its website it is reported
that the company “will allow to convert data on geolocation into a valuable audience. At the same time, the client company will be able to generate more revenue without the need for additional advertising. ”
In addition, Revealmobile uses data
about a person’s location in order to give an understanding of their behavioral characteristics. It is clear that such information will be useful, first of all, for marketers and analysts of various manufacturers of goods and service providers. In this case, the algorithm determines the location of the "home" and "office" in order to give retailers an understanding of the situation by the user audience of any of the regions where they use weather software.
It is difficult to say how well the information is anonymized, but the fact that the weather application sends the exact location of the user to a third party is true. In addition, other data will be sent, such as the router model and BSSID. If you do not give the application to send location data, it will still deliver "on the side" data, which includes the router model and BSSID. This, again, allows you to specify the location of the application user without GPS.
According to one of the information security specialists, Will Strafach, who studies the situation with the application, AccuWeather for iOS is not the only such program in the Apple catalog that is associated with RevealMobile. There are more than forty of them in the application catalog, perhaps more.
Well, what do the application developers say? "We are working to ensure that the policy of using the program and the application itself are in the legal field," - stated in the official statement of the company. Reveal Mobile, in turn, declares compliance with all of the rules of the provisions of the Apple application catalog policy.
At the same time, the AccuWeather developer has so far suspended the work of the software package related to the study of user preferences and sending this data to Reveal Mobile. Anyway, some representatives of infobez recommend deleting this program as soon as possible, in any case, until everything becomes clear.