When the storm brings spies: How a top weather app became an agent of surveillance

• The Weather Forecast—World Weather Accurate Radar app, developed by Chinese tech firm TCL, secretly collected sensitive user data (location, email, IMEI numbers) without consent, despite its popularity (10M+ downloads).
• The app auto-subscribed Brazilian users to paid third-party services (including adult content), leading to over 2.5 million blocked unauthorized transactions in 2018.
• Weather apps like AccuWeather, WeatherBug and The Weather Channel have a history of covert tracking and data-sharing, often monetizing user privacy for profit.
• Some apps now track carbon footprints, resembling China’s social credit system, while critics warn that data collected by Chinese-linked firms could feed into government surveillance networks.
• Experts recommend switching to privacy-focused apps (e.g., Apple Weather, POW), disabling location permissions, or using non-app sources like Weather.gov. Free apps often monetize user data, making paid or minimal-tracking alternatives safer.

In December 2016, TCL Communication, a Chinese technology conglomerate known for producing Alcatel- and BlackBerry-branded phones, introduced the free app Weather Forecast—World Weather Accurate Radar to Google’s Play Store. By 2023, it had garnered over 10 million downloads, becoming one of the most popular weather applications globally. But behind its pleasing design and reliable forecasts lay a darker reality: The app quietly harvested massive amounts of user data — without consent.

Security experts and privacy advocates have now exposed the app’s system of extracting sensitive information, including users’ geographic locations, email addresses and International Mobile Equipment Identity (IMEI) numbers—a unique identifier for each mobile device. The findings, detailed by mobile commerce firm Upstream Systems, revealed TCL’s Weather app went further, auto-subscribing Brazilian users to paid third-party services disguised as virtual-reality offerings or pornographic content. Over 2.5 million unauthorized transactions were blocked in Brazil alone between July and August 2018. While TCL has since halted these fraudulent subscriptions, the practice of collecting excessive personal data persists — a dynamic that experts argue underscores systemic risks in smartphone software ecosystems.

A pattern of exploitation: Weather apps as privacy pits since 2017

The TCL scandal is not an isolated incident. For years, weather applications have served as entry points for corporate and government surveillance. In 2017, AccuWeather infamously tracked users even after opting-out, claiming ignorance despite its CEO’s history of lobbying to restrict free government weather data. By 2018, The New York Times found WeatherBug was sharing precise user locations with 40 external firms. The Weather Channel app faced a lawsuit in 2019 over opaque data-sharing practices, eventually settling without admitting guilt.

The weather app industry has consistently balanced utility with exploitation. Many apps rely on public weather data from entities like the U.S. National Weather Service, allowing virtually anyone to enter the market. Yet monetization demands have pushed developers to turn tracking into a profit engine. “Tens of millions of people have unwittingly traded away privacy for rain alerts,” observed Jason Fitzpatrick of How-To Geek, who highlighted how advertisers and third-party data brokers — some linked to governments or NGOs — profit from the consequently painted “intimate portraits” of users’ lives.

Beyond ads: The push toward government surveillance and social control

Critics argue the data gathered by weather apps is less about profit and more about social control. In 2023, several apps introduced “carbon impact” scoring, monitoring travel behavior and energy use — eerily mirroring China’s social credit system. One analyst notes this may pave the way for “climate lockdowns” or digitized ID requirements enforced via app data.

Meanwhile, TCL’s Chinese parent company operates in a geopolitical stew. Political analysts warn that data shared with Shenzhen-based firms could interface with Chinese intelligence networks, though TCL denies such ties. The convergence of commercial greed and state influence is why Upstream Systems’ Davey Winder calls China a “red herring,” stressing that criminals — not just nations — exploit vulnerabilities in markets like Brazil, Nigeria and Southeast Asia, where budget smartphones disable security protocols.

A user’s guide to digital sovereignty

While most users prioritize convenience, vigilance is now essential. Security researchers urge audits of current apps: Check privacy policies, revoke location permissions, or install “zero-tracking” alternatives like Apple’s Weather app (iOS) or Privacy-Oriented Weather (POW) for Android. Paying for ad-free services — like $3/month for AccuWeather’s subscription tier — can mitigate some risks.

For the tech-averse: Consider abandoning mobile apps altogether. Weather.gov and locally curated websites offer barebones forecasts without tracking. As Fitzpatrick advises, “A free app is paid for by you — your data is its currency.”

The cloud of compliance: Why privacy is a frontline issue

The TCL saga and broader app surveillance reveal a stark truth: convenience has become a Trojan horse for control. From Beijing to Silicon Valley, data aggregators thrive where consumers passively consent. Yet public awareness is rising. Over 200,000 U.S. activists have urged app store compliance with COPPA and GDPR, while Dutch lawmakers recently proposed criminal penalties for deceptive app practices.

The fight isn’t just about umbrellas — it’s about who holds the levers of power. As TCL’s app demonstrates, the digital snitch in your pocket is no metaphor. Compliance may be easy, but vigilance is the only path to reclaiming autonomy in an era where every raindrop brings drops of data.

Sources for this article include:

BigLeaguePolitics.Substack.com

HowToGeek.com

BBC.com