The forecast is free, but you have paid for it – with every place you have ever visited.
Rick Findlay
Every morning, hundreds of millions of people reach for their phones and do something that feels completely innocent: they check the weather. Will it rain? Should I take a jacket? Is it barbecue weather this weekend?
What most of them don’t realize is that this daily ritual has been feeding one of the most extensive data collection pipelines in consumer technology for over a decade.
The weather app on your phone very likely knows where you sleep, where you work, the route you take between the two, which bars you frequent on Friday nights, and whether you visited a clinic last Tuesday. And it has almost certainly sold this information to someone you’ve never even heard of.
The good news is that a growing ecosystem of privacy-respecting alternatives, many of them open source, now offers a real way out. But to understand why these alternatives are important, it helps to understand how we got here.
A story of betrayal
The perfect Trojan horse
Weather apps occupy a uniquely precarious position in the privacy landscape. There are several reasons for this. They are among the very first apps people install on a new phone. They have an obvious, legitimate reason to access location data. And because the underlying forecast data is provided free of charge by government meteorological services such as the US National Weather Service, the UK Met Office, and Norway’s MET Norway, the barrier to building a weather app is exceptionally low.
Build an app, tap on the National Weather Service, and you’ve got something you can throw into the app store.
The easiest way to monetize such an app isn’t through subscriptions; people are notoriously reluctant to pay for apps, preferring advertising, user tracking, and direct data sales. The result has been a gold rush of weather apps that primarily function as data collection vehicles with a forecast interface tacked on top.
The list of transgressions is long and accusatory.
In 2017, a security researcher discovered that AccuWeather tracked and shared user data even when the user had explicitly opted out of location tracking.
AccuWeather blamed a third-party partner, but skepticism was understandable, given that AccuWeather’s CEO had a long history of lobbying to limit the National Weather Service’s ability to share forecasts with the public – a move that would have increased demand for commercial weather apps.
In 2018, The New York Times conducted an investigation into popular mobile apps and their data practices. Among the findings: The weather app WeatherBug shared users’ precise location data with 40 different companies.
In 2019, the Weather Channel app was sued by the city of Los Angeles for collecting and selling user location data in a way that was not clearly disclosed. The company settled out of court but continued its tracking and data sales, albeit with an updated privacy policy.
In the same year, a separate investigation uncovered a Chinese-made weather app called “Weather Forecast – World Weather Accurate Radar” that was pre-installed on Alcatel phones and secretly collected email addresses, device identifiers, and geographic locations of over 10 million users.
She had also silently subscribed users in developing countries to paid services, which would have cost her more than $1.5 million had the scheme not been uncovered.
In 2021, Wirecutter evaluated 20 popular weather apps and found that 17 of them collected data to track devices for advertising purposes, while 14 used location information for device tracking. The scale is staggering: location information sold for targeted advertising generated an estimated $21 billion in 2019 alone.
The data broker machine
These individual app scandals are symptoms of a much larger system. In the background, a vast industry of data brokers aggregates location information from thousands of mobile apps—weather apps prominently among them—and packages it for sale to advertisers, analytics firms, and increasingly, governments.
The mechanisms are insidious. Many apps contain software development kits (SDKs) from data aggregation companies. These SDKs exploit the app’s existing permissions, especially location, and silently siphon data back to the aggregator.
App developers are often paid based on the number of active users, which creates a direct financial incentive to collect as much data as possible from as many people as possible.
Another pipeline operates through the advertising system itself. Every time an ad loads in a mobile app, an automated auction called “real-time bidding” determines which ad you see.
During this millisecond-long auction, detailed information about your device, including your precise location, is broadcast to potentially hundreds of bidding advertisers. Data brokers have learned to participate in these auctions not to buy advertising, but simply to harvest the location data flowing through them.
One of the biggest players in this field was Gravy Analytics, which claimed to track more than a billion devices worldwide and collect over 17 billion signals from smartphones daily. In January 2025, Gravy Analytics was hacked, with an estimated 17 terabytes of data being stolen. The leaked sample contained around 30 million location records, and researchers identified data from over 3,400 apps. The breach revealed just how granular and invasive this data was: it could pinpoint individuals to the specific rooms in buildings they frequented.
Just weeks before the break-in, the US Federal Trade Commission had banned Gravy Analytics and its subsidiary Venntel from collecting and selling location data of Americans without consent, accusing the company of tracking people to sensitive locations, including health clinics and military bases.
When the government comes knocking
Buy what she cannot legally demand
Perhaps the most alarming dimension of data collection by weather apps is where that data ends up: in the hands of government agencies conducting surveillance without a warrant.
In 2018, the US Supreme Court ruled in Carpenter v. United States that law enforcement agencies need a warrant to access location data from telecommunications providers. The decision was hailed as a milestone for data privacy. But government agencies quickly found a workaround: they simply purchased equivalent data from commercial brokers.
The scale of government procurement is enormous. The IRS, FBI, DEA, Department of Homeland Security, Immigration and Customs Enforcement (ICE), and Customs and Border Protection (CBP) have all purchased location data from brokers, including Venntel (the Gravy Analytics subsidiary) and Locate X.
CBP used it to search for mobile phone activity in remote desert regions near the border.
In March, FBI Director Kash Patel confirmed during a Senate Intelligence Committee hearing that the Bureau actively purchases commercially available location data for investigations.
When Senator Ron Wyden asked if Patel would commit to not buying location data of Americans, Patel refused, stating that the FBI was “using all the tools” at its disposal.
The corporate infrastructure underlying weather-based data collection has its own worrying history. In 2015, IBM acquired The Weather Company’s digital assets, including Weather.com, Weather Underground, and the Weather Channel mobile app, for more than $2 billion.
IBM explicitly stated that it plans to develop “data-driven advertising offers” based on the 82 million monthly visitors to its weather platform.
In 2020, IBM launched Watson Advertising, which used AI to deliver targeted advertising based on weather data, specifically boasting that it drove consumer actions “without third-party cookies or identifiers”—a claim that raised questions about what data it relied on instead. IBM later sold its Weather Company assets to the private equity firm Francisco Partners in 2023, but the advertising and data infrastructure remained intact.
The alternatives
The picture painted so far is bleak. But a robust and growing community of developers, open-source advocates, and privacy-conscious companies has built alternatives that prove you don’t have to sacrifice your location history to find out if it’s raining.
Open-source weather apps
Breezy Weather
Platform: Android | Source: Open Source (LGPL-3.0) | Cost: Free
Breezy Weather has established itself as the gold standard for privacy-respecting weather apps on Android. It’s a feature-rich, beautifully designed app with Material 3 Expressive architecture and pulls data from more than 50 weather sources, including official national services such as the UK Met Office, NWS, DMI, AEMET, and Météo-France.
Crucially, it doesn’t collect any personal data, contains no trackers or automatic crash reporters, and has no proprietary code. By default, it uses OpenMeteo, an open-source weather data provider, meaning the entire stack—from the app and API to the underlying forecast models—is transparent and auditable.
Features include 16-day forecasts, hourly precipitation nowcasting, air quality and pollen data, severe weather alerts, customizable widgets, live wallpapers, and support for screen readers and multiple languages. It’s available via F-Droid (the open-source app repository) and as a direct APK download from GitHub. It has garnered over 8,500 stars on GitHub, reflecting a vibrant and engaged community.
The project’s philosophy is simple: you own the data; the app owns none of it.
QuickWeather
Platform: Android | Source: Open Source | Cost: Free.
QuickWeather takes a minimalist approach. It’s fast, lightweight, and ready to use in seconds. It’s based on OpenMeteo (and optionally OpenWeatherMap) for data and collects absolutely nothing about its users.
Even if you grant location access, this information is used solely to retrieve weather data and is never stored or shared.
Features include a full-screen radar map, temperature, precipitation, wind speed, humidity, pressure, dew point, visibility, UV index, and seven-day forecasts with 48-hour hourly data. It lacks home screen widgets, but its simplicity is its strength.
Bura
Platform: Android | Source: Open Source | Cost: Free
Bura is a minimalist weather app with a clean Material Design interface. Like the other open-source options, it uses OpenMeteo for data and requires no API keys. It presents relevant weather information in an easy-to-read layout without asking anything of the user.
Cirrus
Platform: Android | Source: Open Source | Cost: Free
Cirrus carries on the legacy of the now-discontinued “Privacy Friendly Weather” app. It requests no unnecessary permissions, collects no personal data, and contains no trackers. It uses OpenMeteo for forecasts and integrates Rain Viewer for radar maps. Its interface is functional rather than flashy, with useful location tabs for switching between saved locations.
Privacy-respecting commercial apps
Yr (from NRK and MET Norway)
Platform: iOS, Android, Web | Cost: Free.
Yr is a joint project of the Norwegian Broadcasting Corporation (NRK) and the Norwegian Meteorological Institute (MET Norway), two public institutions that have been collaborating on weather forecasts since 1923. It serves over 11 million users weekly and provides forecasts for 13 million locations worldwide.
Yr is ad-free and only collects the data it needs to function. Its privacy model is based on the ethos of public broadcasting rather than commercial exploitation. The app’s weather visualizations are widely praised, including animated sky views, detailed hourly graphs, and precipitation nowcasting. The underlying data is based on the ECMWF’s high-resolution models and incorporates open data from several European meteorological services.
Hello Weather
Platform: iOS, Android | Cost: Free (Pro: $12.99/year)
Hello Weather takes a refreshingly direct approach to privacy. The developer clearly states that they “don’t want to know anything about you unless you contact us.” The app doesn’t collect any user data. Any minimal usage data that is collected is deleted within two days.
The free version covers all the basics with a colorful, well-designed interface. The Pro subscription unlocks radar views, additional data sources, air quality information, and widgets.
Ventusky
Platform: iOS, Android, Web | Cost: Free (Premium: $5.99/year)
Developed by the Czech company InMeteo, Ventusky offers stunning live weather maps with temperature, wind direction, precipitation, and more. It does not collect any personal data, and its privacy policy states that only anonymized usage data and location information are collected. You can use the app without revealing your location. The web version offers the same live maps, so you can skip the app entirely if you prefer.
(Not Boring) Weather
Platform: iOS | Cost: Paid
A design-oriented app that presents weather data in large, eye-catching typography. It’s feature-poor, with no radar or live maps, but its approach to privacy is clean and straightforward.
The open-source infrastructure: Open-Meteo
Many of these privacy-friendly apps are powered by OpenMeteo, an open-source weather API that deserves its own recognition.
Open-Meteo aggregates data from national weather services worldwide, including NOAA, DWD (Germany), ECMWF, Environment Canada, Météo-France and many others, and makes it available via a free, keyless API for non-commercial use.
The Open-Meteo website does not use cookies or tracking technologies and does not share any data with third parties. The entire codebase is available on GitHub under the AGPLv3 license, and it is possible to self-host a weather API instance using Docker. It offers hourly forecasts with resolutions down to 1.5 kilometers, 80 years of historical data, and APIs for air quality, ocean conditions, flooding, and geocoding.
It represents a fundamentally different model for weather data: publicly funded meteorological research, made universally accessible through open infrastructure, without advertising or data collection.
What you can do
Immediate measures
Check your current weather app. Look at its privacy label in the App Store or Play Store. If it lists “data used to track you” under categories like location, identifiers, or usage data, it’s feeding into the data broker pipeline.
Revoke unnecessary permissions. If you’re not ready to switch apps, at least restrict your current weather app’s location access to “only while using it” and disable precise location in favor of approximate location. This limits the granularity of the data it can collect.
Disable your advertising identifier. On iOS, go to Settings → Privacy & Security → Tracking and disable “Allow apps to request tracking.” On Android, go to Settings → Privacy → Advertising and delete your advertising ID. This removes the primary mechanism data brokers use to link your data across apps and services.
Switch over
The apps mentioned above are genuine alternatives, not compromises. Breezy Weather, in particular, offers a feature set that rivals or surpasses most commercial weather apps, with 50+ data sources, beautiful design, widgets, alerts, and air quality data – all without collecting a single byte of personal information.
For those less tech-savvy, Yr and Hello Weather offer polished, accessible experiences that inherently respect privacy.
Do you require any adjustments, such as a smoother or shorter version, or a translation into another language?
