AccuWeather Updates Its iOS App To Address Privacy Outcry (techcrunch.com)
Taylor Hatmaker, writing for TechCrunch: Responding to privacy concerns, AccuWeather is out with a new version of its iOS app that removes a controversial data sharing behavior. Earlier this week, security researcher Will Strafach called attention to the practice in a post and users took to Twitter to announce their intention to dump the app in droves. "AccuWeather's app employed a Software Development Kit (SDK) from a third party vendor (Reveal Mobile) that inadvertently allowed Wi-Fi router data to be transmitted to this third-party vendor," the company wrote in a statement accompanying the app update. "Once we became aware of this situation we took immediate action to verify the operation and quickly disabled the SDK from the IOS app. Our next step was to update the IOS app and remove Reveal Mobile completely."
I mean, maybe I'm just naive, but don't most people just assume that your phones/apps are leaky and not rely on them to say that they're protecting your privacy? I think it's worse that you act based on the assumption that your info is not being collected/transmitted/sold/leaked to others...
Having seen the quality of programming most people put out, the "wtf this library does that?!" line sounds like exactly what happened.
You should see how much asinine shit I go back and un-create when I realize Docker or Ansible or some other such system has capabilities that I'd achieved with poorly-implemented, clunky scripts and clever playbook design. Programmers have it worse: they've got enormous, complex libraries, and they're universally bad at their jobs to the point that the Perl official documentation contained a Hello, World program in 5 lines that was remotely-exploitable--an obvious flaw if you know some obscure facts about how Perl works that even Larry Wall apparently forgot about. (programming r hard)
A lot of people think about programming like "I want to tell the computer to draw a house." No, you want to tell the computer to take a series of sensitive, highly-specific steps resulting in a figure shaped like a house on your screen. When you juggle user input, you have to figure out how that input can affect those steps, and ensure that the broad possibilities all fall into well-defined categories of outcomes, or else you have security vulnerabilities. When you use a third-party library, you're blindly using a pile of code that appears to do the right thing where you're looking, but who knows what it's doing in places you're not looking?
Rather than specifically engineering each step along the way, programmers generally find a tool that does the job and verify that it produces the right result. That's reasonable enough, and this is what happens.
There should be controls for everything an app can access built into all these portable computers. You should be able to lock out application access to location/bluetooth/wifi/contacts...
Otherwise, back to a flip phone. They're fine for texting and making/receiving phone calls. Not so good for YouTube or Facebook, and that's a good thing.