Recently, the independent software security researcher Will Strafach reported that the iOS application known as AccuWeather has been detected to send personal user information to a third-party company known as Reveal Mobile.
The Reveal Mobile company has stated on their website to be able to help app developers to increase the revenue they earn through their products by making use of data regarding the location of the mobile devices on which the apps are installed. This seems to be the case with the AccuWeather app which, as Strafach claims, has been streaming personal user location data to Reveal Mobile. The research carried out by Strafach suggests that information is being transferred from the mobile device that has the said application on a regular basis (every couple of hours). Throughout e period of 36 hours, 16 instances of data transfer have been detected by the security researcher. More specifically, the information that was being streamed was the precise GPS coordinates of the device, the name and the BSSID address of the wireless network connection that was being used at the moment of the data gathering as well as information on the current status of the Bluetooth connection of the smartphone.
Location data
Nowadays, in a world where mobile devices are steadily becoming more and more popular, information concerning the mobile location is a highly-valued resource that is heavily sought after. This is why app developers have come up with different ways to gain that information. Normally, the majority of users tend to manually disable the location of their smartphones making it more difficult for application developers to keep tabs on the location of the device. This is also the reason why apps such as AccuWeather also collect data regarding the current Wi-Fi network that is being used. By implementing a variety of services and making use of a number of databases, app developers could still obtain approximate coordinates on the user’s device.
It’s all about the ads
The main reason why information such as current location or regular online habits of the user are deemed as valuable and important has to do with the online advertising industry. You have undoubtedly noticed how with each passing day, the Internet seems to be getting more and more flooded with all sorts of advertising materials. In fact, oftentimes, especially when it comes to mobile devices, the ads also tend to get displayed on the user’s desktop without even having the browser opened. However, in order for all this advertisement to be effective, the ads need to be targeted. This means that the adverts that each individual user gets displayed must be in line with their personal preferences so as to increase the chances of the user interacting with them (which effectively earns revenue for the ad distributor). Therefore, gathering personal data such as browsing habits and current location enables advert distributors to form a profile of the individual user and determine what ads to display to them.
Implications
Any gathering of personal information and having it send to third-parties without the user’s knowledge or consent should be seen as undesirable even if it is done for the sole purpose of feeding you more relevant ads. Despite this being a very common practice nowadays, this sort of privacy invasion is certainly an issue that needs to be addressed and taken into consideration. Creating personalized profiles of one’s preferences, habits and even places they go is against the each person’s right of privacy and even if such data collection is in most cases technically legal, it is still not something that should be taken lightly. In addition, should an online criminal get their hands on personal data such as the that gathered by mobile apps, there’s a lot of potential harm for the users that could result from such an attack. It is not uncommon for hackers to make use of private information in order to blackmail their victims and the unfortunate fact is that in a lot of instances, the customers aren’t aware of what happens to their personal information after it gets collected by the mobile apps which tend to do that.
