I began following this story[1] after Will Strafach tweeted a series of accusatory tweets[2] against popular weather app AccuWeather. In these tweets, Strafach accuses AccuWeather of using a third-party company to monetize user location. Not only when granted location permission but also when disabled.

Being bold accusations, I wanted to wait for AccuWeather to release a statement before commenting on this issue. While I waited for this, Reveal Mobile, the third-party company paying for this location information, issued a statement to 9to5mac[3].

We don’t attempt to reverse engineer a device’s location if someone opts out of location services, regardless of the data signal it comes from. In looking at our current SDK’s behavior, we see how that can be misconstrued. In response to that, we’re releasing a new version of our SDK today which will no longer send any data points which could be used to infer location when someone opts out of location sharing.

What I gather from this statement is that device location is not tracked if permission was not given. By looking at the data sent to themselves by themselves, they accept it looks bad. They will stop sending themselves this information with an updated SDK.

Okay, that’s fine right? We'll assume Reveal Mobile is telling the truth and the sent information was of no use.

With this statement in mind, lets move on to the statement released by AccuWeather jointly with Reveal Mobile[4].

Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user.

Other data, such as Wi-Fi network information that is not user information, was for a short period available on the Reveal SDK, but was unused by AccuWeather. In fact, AccuWeather was unaware the data was available to it. Accordingly, at no point was the data used by AccuWeather for any purpose.

Lets go ahead and stop here for a minute. GPS coordinates are not collected if location permission if disabled. In this case, the collected information was only Wi-Fi network information. AccuWeather did not know and did not use this network information.

No shit you're not using it! You're selling the information to a third-party company to use!

To avoid any further misinterpretation, while Reveal is updating its SDK, AccuWeather will be removing the Reveal SDK from its iOS app until it is fully compliant with appropriate requirements. Once reinstated, the end result should be that zero data is transmitted back to Reveal Mobile when someone opts out of location sharing. In the meanwhile, AccuWeather had already disabled the SDK, pending removal of the SDK and then later reinstatement.
Reveal has stated that the SDK could be misconstrued, and they assure that no reverse engineering of locations was ever conducted by any information they gathered, nor was that the intent.

The SDK is being updated to not send the Wi-Fi network information when location permission is off. GPS coordinates will still be transmitted to Reveal Mobile if location permission has been granted.

Is this any better? You're a damn weather app, of course the majority of users are going to grant location information.

AccuWeather will to update its practices, communications and ULAs to be transparent and current with evolving standards. AccuWeather and Reveal continue to enhance methods for handling data and strive to provide superior, seamless, and secure user experiences.

If you really want to provide superior and secure user experiences, maybe you should also stop selling user location information.

When I pay to remove ads from an app I do so because I have found great use in the app. I want to support that app. I want to support that developer. It wasn't because the ads were annoying and I wanted to get rid of them.

There are literally millions of apps, for every app there is a competitor. Why should anybody support an app which sells their location information behind their back?

If you use AccuWeather, I recommend deleting the app immediately and leaving a review which reflects upon your thoughts about this issue. Developers need to know selling user information is NOT OKAY and will not be tolerated.

Some noteable alternative weather apps include:
Weather Line

  1. https://medium.com/@chronic_9612/advisory-accuweather-ios-app-sends-location-information-to-data-monetization-firm-83327c6a4870 ↩︎

  2. https://twitter.com/chronic/status/898356025262321664 ↩︎

  3. https://9to5mac.com/2017/08/21/accuweather-app-sends-location-data-when-denied-access/ ↩︎

  4. https://www.accuweather.com/en/press/69041756 ↩︎