Lately, Uber has been making headlines worldwide—a suspension in France, protests in South Africa, the defeat of a mayor in New York City.
Of note, Uber retains the right to track user location,
regardless of permissions, and Android users must opt-in to all data requests
in order to use the service:
The world is embroiled in a debate over the extent to which Uber should coexist with traditional taxi services and the louder the conversation becomes, the more distracted users are from the real issue: privacy.
Yes, Uber can feel like a win-win for driver and passenger alike, but its convenience comes at a cost.
|Farewell, privacy: Uber's permissions for Android|
- If you permit the Uber app to access location services through the permission system used by your mobile operating system (“platform”), we may also collect the precise location of your device when the app is running in the foreground or background. We may also derive your approximate location from your IP address.
- The iOS platform will alert you the first time the Uber app wants permission to access certain types of data and will let you consent (or not consent) to that request. Android devices will notify you of the permissions that the Uber app seeks before you first use the app, and your use of the app constitutes your consent.
EPIC has further taken issue with Uber’s excessive collection of data, which ranges from contacts in a user’s phone to device information to permanent log records, especially given the young company’s questionable record regarding security, which includes launch parties that share private data and a 2014 breach of drivers’ records that took 4 months to discover and another 5 months to disclose.
Recent breaches from Anthem to OPM prove that hackers know where to go for data that matters. Uber’s database of 8 million users worldwide has been described as “a sitting duck for hackers” and as its records of who-went-where-when-and-with-whom-and-what balloons, it only grows more desirable.
EPIC’s request includes an investigation into Uber’s business practices, a cessation of contact information collection and the deletion of location data upon trip completion, measures that would make Uber’s database far less attractive to hackers and far less marketable for the company itself.