CVS Health, seventh on the Fortune 500 list in 2016 with nearly 10,000 pharmacy outlets across the US, has accidentally been releasing location data about its customers to over 40 third-party web servers.
Researchers from the International Computer Science Institute in California have discovered that the app, which helps users to locate their nearest pharmacy, is also relaying this information to any outside server that has links with its web page.
CVS hotly denies that it shares its customers’ location with anyone and also claims they can easily turn off the location-sharing app. After rigorous investigation, the researchers are not of the same opinion. After all, a store locator feature only works if the app knows the user’s, well, location. If that information is then openly shared, as seems to be the case here, there’s very little users can do to avoid their data being distributed.
This highlights the fact that many apps have inbuilt location features which can often default to ‘on’ – thus compromising users’ privacy by sharing real-time information on their daily habits with app owners and possibly third parties.