The AccuWeather application for iOS requests location access under the premise of providing users localized severe weather alerts, critical updates, and faster launch time. Granting access to location information will also cause the application to send the following bits of information off to “revealmobile.com”:
- Your precise GPS coordinates, including current speed and altitude.
- The name and “BSSID” of the Wi-Fi router you are currently connected to, which can be used for geolocation through various online services.
- Whether your device has bluetooth turned on or off.
During a testing period of 36 hours, specifically while the AccuWeather application was not in the foreground, my test iPhone (located on a desk in an office building) sent the above information to RevealMobile a total of 16 times, occuring roughly once every few hours.
What is revealmobile.com? What do they do?
From their website:
We convert mobile location signals into high value audiences. You generate more mobile revenue, with or without ads.
This reads as a very high level description, with no technical information. Let’s dig deeper. On this page, we find additional interesting claims:
By expanding the use case of location data to pre- and post-shopping experiences, entirely new possibilities open up for online and offline retailers. The value lies in understanding the path of a consumer and where they go throughout the day. Traveling from home to work to retail to soccer practice to dinner is vital to knowing the customer, and represents the new opportunity of mobile location data.
Then…
Location data also informs the home and work location of customers. Pairing this information with existing demographic targeting criteria allows retailers to target consumers with a high propensity to visit based upon two of their most relevant locations.
RevealMobile mentions the capability to gain insight into where a user lives, works, and frequented locations. If the data source powering this capability is not immediately clear, refer to this case study in which RevealMobile provides an explanation:
Our technology sits inside hundreds of apps across the United States. It turns the location data coming out of those apps into meaningful audience data. We listen for lat/long data and when a device “bumps” into a Bluetooth beacon. The data shown on the following pages reflects 102,535 opted-in location sharing mobile devices that we saw at retail locations Friday, November 25th, 2016.
The “location data coming out of those apps” would your precise GPS coordinates (Access granted under a more reasonable guise of weather alerts), and Wi-Fi router name/BSSID. If you do not grant AccuWeather access to your GPS information, it will still send your Wi-Fi router name and BSSID, providing RevealMobile access to less precise location information regarding your device’s whereabouts. This practice by a different company appears to have previously caught the attention of the FTC.
Other iOS apps with RevealMobile embedded
I have not yet been able to confirm RevealMobile’s technology “sits inside hundreds of apps” at this time. I was able to identify over 40 applications which had RevealMobile’s techonlogy embedded in them at one point, but after running the latest versions of each through an intercepting proxy in order to analyze all data sent out, I was only able to observe similar callbacks to “revealmobile.com” in one of them: Frank’s Forecast Weather App from KPRC 2.
I will continue to look further into this matter and hope to write a more comprehensive post in the future, which will include information about additional companies offering similar location-based tracking code for mobile apps, as well as the apps which embed this type of code.
Radar
rdar://problem/33975145
Contact
If you have any further questions regarding this finding, feel free to send me a tweet (chronic), or e-mail (will@wstraf.me).