Slashdot Mirror


AccuWeather Updates Its iOS App To Address Privacy Outcry (techcrunch.com)

Taylor Hatmaker, writing for TechCrunch: Responding to privacy concerns, AccuWeather is out with a new version of its iOS app that removes a controversial data sharing behavior. Earlier this week, security researcher Will Strafach called attention to the practice in a post and users took to Twitter to announce their intention to dump the app in droves. "AccuWeather's app employed a Software Development Kit (SDK) from a third party vendor (Reveal Mobile) that inadvertently allowed Wi-Fi router data to be transmitted to this third-party vendor," the company wrote in a statement accompanying the app update. "Once we became aware of this situation we took immediate action to verify the operation and quickly disabled the SDK from the IOS app. Our next step was to update the IOS app and remove Reveal Mobile completely."

  1. Translation: "We're sorry we got caught" by ausekilis · · Score: 3, Insightful

    Hey Mr CEO, you've still got a little egg on your face. Right there on your chin.

  2. naive by supernova87a · · Score: 5, Interesting

    I mean, maybe I'm just naive, but don't most people just assume that your phones/apps are leaky and not rely on them to say that they're protecting your privacy? I think it's worse that you act based on the assumption that your info is not being collected/transmitted/sold/leaked to others...

    1. Re:naive by Anonymous Coward · · Score: 2, Funny

      This is wise counsel but we should still make others aware when we know it is going on.

      This is but one story out of 100 that has come along in the last few years regarding privacy and data leaks.

      How many licks does it take to get to the rock-filled center of the average dumbass consumer?

  3. Surprise! by tsqr · · Score: 2

    Once we became aware of this situation

    Translation: once we became aware that we'd been caught doing this

  4. Re:Comforting by bluefoxlucid · · Score: 4, Interesting

    Having seen the quality of programming most people put out, the "wtf this library does that?!" line sounds like exactly what happened.

    You should see how much asinine shit I go back and un-create when I realize Docker or Ansible or some other such system has capabilities that I'd achieved with poorly-implemented, clunky scripts and clever playbook design. Programmers have it worse: they've got enormous, complex libraries, and they're universally bad at their jobs to the point that the Perl official documentation contained a Hello, World program in 5 lines that was remotely-exploitable--an obvious flaw if you know some obscure facts about how Perl works that even Larry Wall apparently forgot about. (programming r hard)

    A lot of people think about programming like "I want to tell the computer to draw a house." No, you want to tell the computer to take a series of sensitive, highly-specific steps resulting in a figure shaped like a house on your screen. When you juggle user input, you have to figure out how that input can affect those steps, and ensure that the broad possibilities all fall into well-defined categories of outcomes, or else you have security vulnerabilities. When you use a third-party library, you're blindly using a pile of code that appears to do the right thing where you're looking, but who knows what it's doing in places you're not looking?

    Rather than specifically-engineering each step along the way, programmers generally find a tool that does the job and verify that it produces the right result. That's reasonable enough, and this is what happens.

  5. Egg or... by sjbe · · Score: 2

    Hey Mr CEO, you've still got a little egg on your face. Right there on your chin.

    I don't think that's egg. It's a little more like... ewwwww

  6. Nope by sjbe · · Score: 2

    I mean, maybe I'm just naive, but don't most people just assume that your phones/apps are leaky and not rely on them to say that they're protecting your privacy?

    No, most people don't give the matter a second thought.

  7. As George W. Bush once said: by Oswald+McWeany · · Score: 2

    As George W. Bush once said:

    “There's an old saying in Tennessee — I know it's in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can't get fooled again.”

    I certainly wouldn't trust AccuWeather again.

    --
    "That's the way to do it" - Punch

  8. Granularity controls by bobstreo · · Score: 3, Interesting

    There should be controls for everything an app can access built into all these portable computers. You should be able to lock out application access to location/bluetooth/wifi/contacts...

    Otherwise, back to a flip phone. They're fine for texting and making/receiving phone calls. Not so good for youtube or facebook, and that's a good thing.

    1. Re:Granularity controls by Archon · · Score: 2

      Android: Settings > Apps & notifications > App permissions
      iOS: Settings > Privacy

  9. Sure you didn't by DaMattster · · Score: 2

    "Once we became aware of this situation we took immediate action to verify the operation and quickly disabled the SDK from the IOS app. Our next step was to update the IOS app and remove Reveal Mobile completely." - IIRC, they denied it at first.

  10. Re:The part I don't get by JohnFen · · Score: 4, Insightful

    That activity became offensive only because they were caught selling it to a 3rd party.

    I disagree. I think it became offensive when the app went out of its way to gather location information after the user specifically and intentionally disabled location information.

  11. Re:The part I don't get by plover · · Score: 4, Informative

    The part I don't get is why people use AccuWeather. The National Weather Service has extremely high quality forecasts right there on their web page, and if you visit http://mobile.weather.gov/ in your iOS device and tap "Share/Add To Home Screen", it's wrapped up behind an icon and "acts" like an app. As a plus, you've already paid for them with your taxes. And they have no privacy violating trackers on their page, not even a google analytics link.

    Most importantly, you're not feeding some shitty company who has been trying to make the National Weather Service lock up our public weather data, and who bought and paid for a U.S. senator for exactly that purpose.

    --
    John

  12. Re:The part I don't get by geekmux · · Score: 2

    That activity became offensive only because they were caught selling it to a 3rd party.

    I disagree. I think it became offensive when the app went out of its way to gather location information after the user specifically and intentionally disabled location information.

    We would live in a world seething with wisdom and intelligence if people were actually offended about corporations fucking them over. Laziness, ignorance, and stupidity paint the reality we have instead.