A growing number of iOS apps collect and sell location data

A growing number of iOS apps currently collect location data, WiFi network IDs and other data, from iPhone users and sell them to monetization firms.

A group of security researchers that developed the popular Guardian mobile firewall app revealed that a growing number of iOS apps currently collect location data, WiFi network IDs and other data, from iPhone users and sell them to advertising companies.

Let me immediately highlight that these iOS apps collect data by asking users for permission to do it, but lack to inform users that gathered information are shared with third-party advertising and marketing companies.

The experts have observed that all these apps have embedded tracking codes provided by advertising and marketing firms.

“The GuardianApp team has discovered that a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices, using packagedcode provided by data monetization firms. In many cases, the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information.” states the Guardian app research team.

“In order to gain initial access to precise data from the mobile device’s GPS sensors, the apps usually present a plausible justification relevant to the app in the Location Services permission dialog, often with little or no mention of the fact that location data will be shared with third-party entities for purposes unrelated to app operation.”


Most of the apps asked for permission to access GPS coordinates, Bluetooth LE beacon data, and Wi-Fi SSID (Network Name) and BSSID (Network MAC Address).

Some apps also collect other types of device information, including accelerometer Information (X-axis, Y-axis, Z-axis), advertising Identifier (IDFA), battery Charge Percentage and Status (Battery or USB Charger), cellular Network MCC/MNC, cellular Network Name, GPS Altitude and/or Speed, timestamps for departure/arrival to a location.

The report published by the Guardian app team includes the names of 12 monetization firms that received data along with the names of 24 apps that use the tracking code provided by location data monetization firms.

The report also includes the names of 100 news apps containing monetization code provided by data monetization firm RevealMobile.

“In August 2017, RevealMobile was also found to be packaged in the AccuWeather app for a brief period of time and was criticized by users for collecting Wi-Fi SSID and BSSID from user’seven if Location Services access was denied (More:https://www.zdnet.com/article/accuweather-caught-sending-geo-location-data-even-when-denied-access/ ).” continues the report.

Experts also shared these potential mitigations:

  • Go to Settings > Privacy > Advertising and turn on Limit Ad Tracking in order to make uniquely identification of your iOS device more difficult for location trackers.
  • Press “Don’t Allow” if a Location Services permission dialog contains “See privacy policy” or similar text.
  • Use a very generic name for the SSID of your home Wi-Fi router (eg. “home-wifi-1”).
  • Turn off Bluetooth functionality when it is not in use.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase