Researcher Will Strafach detailed his findings in a post after about 36 hours of testing. He said that the app asked for location access in order to provide alerts about severe weather, critical updates and quicker start times.
But, he said, when location access was granted, the app sent precise GPS co-ordinates (including speed and altitude), the name and BSSID of the Wi-Fi router to which the iOS device was connected, and whether the device had Bluetooth turned on.
Strafach pointed out that knowledge of the router could be used for geolocation through a number of online services.
The alert that appears when requesting access to GPS information on iOS.
Strafach noted that RevealMobile said it had the capability to gain insight into where a user lives and works, and which locations he or she frequents.
He pointed to a case study where RevealMobile had provided this explanation:
"Our technology sits inside hundreds of apps across the United States. It turns the location data coming out of those apps into meaningful audience data. We listen for lat/long data and when a device 'bumps' into a Bluetooth beacon. The data shown on the following pages reflects 102,535 opted-in location sharing mobile devices that we saw at retail locations Friday, November 25th, 2016."
Strafach said similar leaking of data by another company, InMobi, had attracted the attention of the US Federal Trade Commission.
Graphics: courtesy Will Strafach