September 27, 2020

Popular iOS Apps send user location data to third-party data analytics companies

1 min read

Security researchers at GuardianApp found that dozens of popular iOS Apps were found to send user location data to third-party data analytics companies. These apps all require location data to work correctly, they are weather, dating, or fitness apps, and sharing data with third-party companies can generate revenue for free apps.

Data collected by these applications include low-power Bluetooth beacon data, GPS dimensional data, Wi-Fi SSID and BSSID, and some applications also collect accelerometers, advertising identifiers, battery status and cellular network information.

Researchers used traffic monitoring to identify 24 applications that collect and share location data, including ASKfm, C25K 5K Trainer, Classifieds 2.0 Marketplace, MyRadar NOAA Weather Radar, NOAA Weather Radar, Perfect365, Photobucket, QuakeFeed Earthquake Alerts, and more.  

All location data monetization firms listed on this page collect one or more of the following data points:

  • Bluetooth LE Beacon Data
  • GPS Longitude and Latitude
  • Wi-Fi SSID (Network Name) and BSSID (Network MAC Address)

In addition, some firms also collect the following types of less sensitive device information:

  • Accelerometer Information (X-axis, Y-axis, Z-axis)
  • Advertising Identifier (IDFA)
  • Battery Charge Percentage and Status (Battery or USB Charger)
  • Cellular Network MCC/MNC
  • Cellular Network Name
  • GPS Altitude and/or Speed
  • Timestamps for departure/arrival to a location