Some iPhone apps handing precise location data to as many as 40 businesses

A particular problem was WeatherBug, which was found to be sharing exact latitude and longitude to 40 companies, the New York Times said. In its broader investigation the paper tested 20 iOS and Android apps, the majority of which had already been tagged by researchers and industry sources as potentially sharing location data. 17, including WeatherBug, were found to be sharing users' precise locations to about 70 businesses in all.

Apple requires data passed to advertisers and app developers be anonymized — stripped of names and other identifiers — in order to protect individuals. But, entities that collect location data can potentially infer who someone is based on context. The Times gave the example of a layperson who cooperated in the investigation, math teacher Lisa Magrin, the only subject who travels from her home to her middle school by one particular route each day.

Advertisers and researchers may not care about being that granular, but are often eager to know what communities, services, and products people are interested in. Developers in turn may be willing to sell that data as an alternative to putting pricetags on their apps.

Another implicated app was theScore, which was discovered sharing data to 16 advertising and location firms. The Times noted that like some of the other investigated apps theScore's developer was misleading, telling users only that granting location permissions would "recommend local teams and players that are relevant to you."

Similarly The Weather Channel, the most popular weather title on the App Store, tells people that sharing location information is meant for personalized forecasts. For a time however that data was also being analyzed for hedge funds by the IBM subsidiary that owns the app, the Weather Company.

The analysis was being done as part of a pilot program that has since ended. Until the Times talked to IBM though, the app's privacy policy didn't mention that the Weather Company might share aggregated location data for commercial purposes.

Today's report is likely to spur action by Apple, which — except in China — has made privacy a tentpole of user privacy, even getting into conflicts with the U.S. and Indian governments. CEO Tim Cook has suggested that U.S. privacy legislation is "inevitable," and lauded the European Union's General Data Protection Regulation.