https://www.wsj.com/articles/popular-weather-app-collects-too-much-user-data-security-experts-say-11546428914
By Newley Purnell
The Wall Street Journal
Updated Jan. 2, 2019
NEW DELHI -- A popular weather app built by a Chinese tech conglomerate
has been collecting an unusual amount of data from smartphones around the
world and attempting to subscribe some users to paid services without
permission, according to a London-based security firm's research.
The free app, one of the world's most-downloaded weather apps in Google's
Play store, is from TCL Communication Technology Holdings Ltd., of
Shenzhen, China. TCL makes Alcatel- and BlackBerry -branded phones, while
a sister company makes televisions.
The app, called "Weather Forecast-World Weather Accurate Radar," collects
data including smartphone users' geographic locations, email addresses and
unique 15-digit International Mobile Equipment Identity (IMEI) numbers on
TCL servers in China, according to Upstream Systems, the mobile commerce
and security firm that found the activity. Until last month, the app was
known as "Weather-Simple weather forecast."
A TCL spokesman didn't address queries about the amount of data the app
collects.
The weather app also has attempted to surreptitiously subscribe more than
100,000 users of its low-cost Alcatel smartphones in countries such as
Brazil, Malaysia and Nigeria to paid virtual-reality services, according
to Upstream Systems. The security firm, which discovered the activity as
part of its work for mobile operators, said users would have been billed
more than $1.5 million had it not blocked the attempts.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
