In recent days, it has come to light that AccuWeather, our previous pick for the best general weather app for iOS users, has been collecting location-identifying information and selling it.
Zack Whittaker at ZDNet first broke the story:
Security researcher Will Strafach intercepted the traffic from an iPhone running the latest version of AccuWeather and its servers and found that even when the app didn’t have permission to access the device’s precise location, the app would send the Wi-Fi router name and its unique MAC address to the servers of data monetization firm Reveal Mobile every few hours. That data can be correlated with public data to reveal an approximate location of a user’s device.
We independently verified the findings, and were able to geolocate an AccuWeather-running iPhone in our New York office within just a few meters, using nothing more than the Wi-Fi router’s MAC address and public data.
Clearly, this is a major breach of user privacy, as this data collection took place even if Location Services for the app was disabled in iOS’ Settings app.
As John Gruber wrote, the developer has not be forthright in their handling of the situation.
At The Sweet Setup, we work hard to filter through the huge number of apps in a given category and pick the best ones for our readers. While we liked a lot about the app, this undisclosed data collection — and the subsequent handling of the news story about it — has made it clear that we can no longer recommend AccuWeather.
Coincidentally, we were working on a review to replace AccuWeather as our top pick already when this news broke, and are working hard to have that up as soon as possible.
(Spoiler Alert: Our new pick is Carrot Weather.)