- Advertisment -

“5K Trainer” and various other apps for iOS steal user’s location data for monetization

Research shared with 9to5Mac this morning showed that popular iOS apps you probably have installed on your iPhone, iPad or iPod touch have special malicious entitlements that send user location for data monetization firms.

The research firm ” Sudo Security Group’s GuardianApp” led by “Will Strafach” reports that:

“Several popular iOS apps have been used covertly collect precise location histories from tens of millions of mobile devices, using packaged code provided by data monetization firms.”

The data is said to be used for location monetization, by taking the user’s current location and sending it.

- Advertisement -

Apple’s App Store Policy clearly has this as a restriction, under the Legal 5.1.1 and Legal 5.1.2 policies.

 

Legal – 5.1.1 and Legal 5.1.2

The app transmits user location data to third parties without explicit consent from the user and for unapproved purposes.

Before these apps are removed, and Apple revises their strategy, the security firm recommends following these instructions.

In order to gain initial access to precise data from the mobile device’s GPS sensors, the apps usually present a plausible justification relevant to the app in the Location Services permission dialog, often with little or no mention of the fact that location data will be shared with third-party entities for purposes unrelated to app operation.

All location data monetization firms listed on this page collect one or more of the following data points:

  • Bluetooth LE Beacon Data
  • GPS Longitude and Latitude
  • Wi-Fi SSID (Network Name) and BSSID (Network MAC Address)

In addition, some firms also collect the following types of less sensitive device information:

  • Accelerometer Information (X-axis, Y-axis, Z-axis)
  • Advertising Identifier (IDFA)
  • Battery Charge Percentage and Status (Battery or USB Charger)
  • Cellular Network MCC/MNC
  • Cellular Network Name
  • GPS Altitude and/or Speed
  • Timestamps for departure/arrival to a location

GasBuddyMyRadar NOAAPayByPhone Parking,  C25K 5K Trainer appear to be the apps in question.

Appleosophy contacted Apple for clarification on this via phone, but Apple declined to comment on the issue.

This article will be updated with any new information when it becomes available.

 

Updated: Fixed layout issues.

Popular Stories

Exclusive: AirTags confirmed in a new Apple Support Video!

Apple just uploaded a video on their Apple Support YouTube channel titled "How to erase your iPhone". This tutorial tells us about the process...

iOS 14 to include new wallpaper settings and Home Screen widgets

With the approach of iOS 14, leaks have started to, well, "leak". The Twitter user DongleBookPro, who often leaks images of internal and unreleased...

Writer of the Month

Recent Stories

Opinion: What Apple’s Dark Sky app acquisition means for CARROT Weather

Last week, Apple made the purchase of the Dark Sky weather app, which is one of the most popular premium weather apps in the...

One week with the Apple Watch Series 5

It has now been a week since I purchased my silver 40mm Apple Watch Series 5 from Best Buy via its curbside pickup. During the...