A free weather information application from TCL named ‘Weather Forecast—World Weather Accurate Radar’ has been collecting unusual amounts of information from its users, claims security experts.
According to the reports, the application has been collecting personal data including email addresses and mobile identification numbers and the data are then transmitted to servers based in China. Further, it is claimed that the app has also subscribed users to paid services without permission.
This is very crucial given that the app has been downloaded over 10 million times on Google Play Store. According to a London-based security firm Upstream Systems, TCL‘s ‘Weather Forecast’ asks to collect information including users’ geographic locations, email addresses, and International Mobile Equipment Identity (IMEI) numbers.
It goes on to claim that TCL has also been attempting to fraudulently subscribe users of budget Alcatel smartphones in countries like Brazil, Malaysia, and Nigeria to paid “virtual reality services”. As per the security firm, Brazil alone received around 2.5 million transaction attempts from Alcatel devices in July and August last year.
The security firm says that the attempts were blocked after the company discovered the activity. It further says that while the app is no longer attempting to subscribe users to third-party services, it still continues to collect user data.
In response to these accusations, the company said that it is “evaluating new security consultants who can provide additional validation of the safety of our mobile applications we develop.”
As said, the app is owned by TCL Communication Technology Holdings Ltd. which is based in Shenzhen, China. TCL is the company that manufactures smartphones for BlackBerry and Alcatel and phones from both those companies come pre-installed with the weather application.
It remains to be seen if Google takes any action against the app or the company. Previously, in December, Google had suspended two Chinese apps from its Play store after allegations that they were exploiting user permissions under an ad fraud scheme.
The Internet Society of China’s analysis into data-gathering practices found that 18 of the most popular apps in the country collected what it deemed excessive user information – including text messages, address book data, and recordings. Almost half of those apps appeared to do this without consent from the user.