Now many are aware that developers of various applications and services provide the ability to send information about their users or customers to third parties. It can be an advertising network, a company or an analytical agency. Many developers and publishers are doing this, hiding behind the fact that all the information that is sent is impersonal.
Information security specialists have many times been convicted of such services or applications, which they can not think of, that they do something like that. One of these days, a similar case was opened, and the situation can not be called ordinary – the data of users to the third party is given by iOS application AccuWeather, with which many users of mobile devices and PC work,
The application itself requests access to collecting information about the user (including his location), justifying it by saying that the program is supposed to give correct warnings about weather problems, update or even work more efficiently.
The following information is required for the application to do all this (the program collects this data after obtaining the appropriate permission):
- Exact GPS coordinates, including the user's current location And the speed of its movement;
- The name of the wireless access point to which the user is currently connected. This information can also be used to refine geolocation;
- Read information about device activity.
Representatives of the Internet media Medium decided to check how safe this application is. As it turned out, within 36 hours it sent 16 times the data specified above to the company's servers. So it's quite possible to say that the user information is sent to the server of the company-owner of the program every few hours.
Information, by the way, is sent to the company Revealmobile It is engaged in Internet advertising and marketing. In particular, on its website it is reported that the company "will allow to convert data on geolocation to a valuable audience. A client company can generate more revenue without the need for additional advertising. "
In addition, Revealmobile uses data about a person's location in order to give an understanding of his behavioral characteristics. It is clear that such information will be useful, first of all, to marketers and analysts of various manufacturers of goods and service providers and services. The algorithm determines the location of the "home" and "office" in order to give retailers an understanding of the situation by the user audience of any of the regions where weather software is used.
It is difficult to say how well the information is anonymous, That the third party weather application sends the exact location of the user, it's true. In addition, other data are sent, such as the router model and BSSID. If you do not give the application the ability to send location data, it will still supply "to the side" data that includes the router model and BSSID. This, again, allows you to specify the location of the user of the application and without GPS.
According to one of the information security experts, Will Strathach, who study the situation with the application, AccuWeather for iOS is not the only such program in the Apple catalog that is associated with RevealMobile. In the application directory, there are more than forty, perhaps even more.
Well, what do the application developers say? "We are working to ensure that the policy of using the program and the application itself is in the legal field," the official statement of the company said. In Reveal Mobile, in turn, declare compliance with all the rules of the provisions of the policy of using the Apple application catalog.
At the same time, the developer of AccuWeather has suspended the work of the software package related to studying user preferences and sending these data to Reveal Mobile. Whatever it was, some representatives of the infobase recommend that you remove this program as soon as possible, at least until everything clears up.