Dive Brief:
- AccuWeather removed the Reveal Mobile SDK from its app after security researcher Will Strafach revealed that the SDK transmitted Wi-Fi router data to a third-party vendor, according to TechCrunch.
- Strafach posted the information on Medium, and AccuWeather users quickly voiced their complaints on Twitter.
- AccuWeather said it took action immediately, disabling the SDK, updating the app and removing Reveal Mobile completely, according to a company statement.
Dive Insight:
AccuWeather said it did not access the location data and Reveal did not either. It seems unlikely the company would be unaware of both the situation and the use of the data given Reveal went to the trouble to collect it.
Either way, AccuWeather did the right thing in responding quickly and making the change. Whether that’s enough to keep their users, however, remains to be seen.
Companies that use third-party vendors need to be extremely careful that they are aware of what data the third party collects and uses. Organizations rely on a third-party ecosystem; however, they have to be conscious of any flaws or security vulnerabilities potentially introduced by partnerships and outside access to corporate systems.