Orwell’s weather app: Popular Android app found to collect MASSIVE amounts of user data

Experts warn smartphone users about downloading the popular weather app called “Weather Forecast – World Weather Accurate Radar” as they have found that it collects massive amounts of data from users all over the world without their consent.

The free app was developed in December 2016 by Chinese tech glomerate TCL Communication Technology Holdings Ltd., which also manufactures Alcatel- and BlackBerry-branded smartphones. It is one of the most downloaded weather apps in Google’s Play store, with over 10 million downloads since its release.

While it is common for weather apps to request a user’s location to present local weather alerts and forecasts, the popular app gathers detailed data from its users, such as geographic locations, email addresses, and even their unique identifier number.

Upstream Systems, a London-based security firm, first discovered this unusual activity of the app. It found that the weather app attempted to subscribe more than 100,000 users of its Alcatel smartphones to paid virtual-reality services. The attempts were made from a pre-installed version of the app on Alcatel smartphones that cannot be deleted from the devices without taking certain steps. Those who want to use the app are asked to accept an end-user license agreement.

The security firm also said that users would have been forced to pay more than $1.5 million had it not been stopped the attempts. Many affected users were from Brazil, Malaysia, and Nigeria.

According to a report by The Wall Street Journal, TCL kept mum about the attempted subscriptions, but said that they’re “evaluating new security consultants who can provide additional validation of the safety of our mobile applications we develop.” Since then, TCL updated the app and stopped subscribing users to services. However, it still collects sensitive user data.

Facebook collects app users’ data without consent

The discovery is the latest in a string of controversies surrounding apps that violate users’ privacy. In a recent investigation, the WSJ also found that Facebook collects data from smartphone users’ other apps without their consent.

According to the report, many app developers use an analytics tool called App Events, a Facebook-provided tool that allows them to record their users’ activity and then share it with the social media giant. Data can include extremely sensitive information, such as insights to users’ fertility, heart rate, and other health concerns, which may be used to target its own users with specific advertising.

What’s even more alarming is that the apps may do this even if their users do not use a Facebook account to log into the app. Additionally, they may send information about an app user who does not have an account of the social media network.

Out of 70 popular apps examined, 11 shared data of their users – such as information users entered or data the app gathered about the users’ activity – with Facebook. None of the apps informed their users about this data-sharing tool through privacy policies or terms of service.

Similarly, a study published in JAMA Network Open exposed the data-sharing practices of many popular health apps, such as those for mental health. The researchers revealed that out of the 36 apps they examined, 33 shared information with data analytics firms and advertisers about their users’ activities. Furthermore, they shared highly sensitive information, including self-reports on substance abuse, entries into health diaries, and usernames.

Beware of the apps that you download. Learn more at PrivacyWatch.news.

Sources include:

WSBuzz.com

Huffpost.com

WSJ.com