“Popular weather app AccuWeather has been caught sending geolocation data to a third-party data monetization firm, even when the user has switched off location sharing,” Zack Whittaker reports for ZDNet. “AccuWeather is one of the most popular weather apps in Apple’s app store, with a near perfect four-star rating and millions of downloads to its name. But what the app doesn’t say is that it sends sensitive data to a firm designed to monetize user locations without users’ explicit permission.”

“Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn’t have permission to access the device’s precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours,” Whittaker reports. “That data can be correlated with public data to reveal an approximate location of a user’s device.”

“While AccuWeather’s privacy says that the company and its partners may use geolocation tracking technologies, its privacy policy doesn’t specifically state that this data will be used for advertising, Strafach told ZDNet,” Whittaker reports. “‘Essentially I see a few problems,’ he said. ‘AccuWeather get GPS access under an entirely innocent premise — no users expect the location data to be used this way,’ he said. Several people have tweeted at Strafach in recent days to say they have deleted the app, based on his findings.”

Read more in the full article here.

MacDailyNews Take: Two words: Dark Sky.