Actual Cases

Iphone apps privacy leak: Dozens of Apps ‘constantly’ sending location data!

Iphone apps privacy leak:

In September, security researchers discovered that dozens of popular news, weather, & fitness iPhone apps that require access to location data sell the data they collect to companies engaged in ad targeting.

Dozens of popular iPhone apps are sharing the location data of millions of mobile devices with third-party data monetization firms, according to a group of security researchers called GuardianApp (via TechCrunch).

The apps in question are mostly news, weather, and fitness apps that require access to location data to work properly, but then share that data to earn money.

Iphone apps privacy leak: Dozens of Apps 'constantly' sending location data!

According to security researchers, the apps send both precise location and other sensitive customer data to data monetization companies “at all times, constantly” sometimes without customers being aware of the location data collection. The information is used for purposes like creating databases for ad targeting.

Researchers used tools to monitor network traffic to discover apps collecting Bluetooth LE data, GPS longitude and latitude, WiFi SSIDs, accelerometer information, battery charge percentage, location arrival/departure timestamps, and more.

While the apps say that personally identifiable information is not included in the data collection, one of the researchers, Will Strafach, told TechCrunch that latitude and longitude coordinates can provide information on a person’s home or work. Many customers who agree to provide apps with location data may not be aware of the extent of the information being collected and shared.

Apps that were found to be collecting location info and sending it to data monetization firms include ASKfm, NOAA Weather Radar, Homes.com, Perfect365, C25K 5K Trainer, Classifieds 2.0 Marketplace, GasBuddy, Photobucket, Roadtrippers, Tapatalk, and more, with a full list available on the site.

The data is being sent to companies that include Reveal, Sense360, Cuebiq, Teemo, Mobiquity, and Fysical. These companies denied wrongdoing, suggested customers were able to opt out at any time, and said that developers are required to inform customers about the data collection.

Read the full article from here