There are many reasons to distrust Uber, but its Android privacy policies might not be one of them. In a post that blew up on Hacker News, one user called attention to the breadth of information that Uber collects from the Android app.
For what it’s worth, we compared Uber’s user permissions agreement to that of Lyft, its closest director competitor.
As you can see, the agreement differs only by one category. While Uber requests access to Wi-Fi, Lyft requires access to SMS. The other seven permissions categories are the same.
Here’s a view peeking with the APK from the post that originally raised the red flag:
“Maybe Uber [is] evil,” the Android user writes. “Maybe Uber isn’t sending a bunch of data off to their collection servers for harvesting. Maybe I’m just paranoid.”
Those things aren’t necessarily mutually exclusive, but given the broad permissions users sign off on in order to use mobile apps (both in iOS and Android), it’s extremely difficult to know what happens with your data after you agree. Generally, apps don’t hesitate to ask for a wide range of permissions “just in case.” Android users agree to categories of permission, which may or may not be further illuminated by an individual app.
In Uber’s case, the company is apparently preemptively worried enough about users worrying that it offers a standalone FAQ for permissions in Android. Here are those clarifications:
“Access Wi-Fi networks
Using local Wi-Fi networks helps us pinpoint your location and pick you up exactly where you are, even in places where your data service is weak or unavailable.
Most of the time, there’s no need to contact your driver. If you do need to, you can reach your driver at an anonymized phone number with a single tap.
We use your phone’s camera to power Card.io snapshot registration. Touch the camera icon on the payment screen to add your payment information by snapping a quick photo of your credit card – no typing required. You can also use your camera to add a picture to your account profile, which helps drivers recognize you.
Get accounts and credentials
This permission allows Android users to sign in and pay with one tap (using the Google Sign-In and Google Wallet services, respectively).
Three features in our app need access to your stored contacts. Share My ETA lets you text friends a link to your trip so they’ll know exactly when you’re arriving. Fare Split lets you share the cost of a ride with anyone in your phone book. Finally, you can share your Uber invite code via Google+, Facebook, Twitter, and more to earn free rides.
Write phone settings
We use this permission to save data and cache mapping vectors, which helps power our app in 45+ countries and make Uber the world’s most reliable ride.”
Over on the Next Web, Owen Williams blames Android’s permission system for causing the privacy concerns, and looks under the hood himself: “Despite what some are claiming, there’s no evidence that Uber accesses any data on your phone other than that used explicitly for the purpose of getting you a ride, nor does it send any of your SMS’, images or other data off your phone.”
Ultimately, nothing binds a company like Uber to be fully transparent with what it does with your data, so using an app that’s implementing all of these different sensors and data streams is a matter of discretion. Even if Uber didn’t have such a questionable privacy record, it’s worth staying vigilant about everything you download—and if you aren’t comfortable with that information being collected, don’t agree to those terms and look elsewhere. After all, there are plenty of Ubers in the sea.
Photo via Uber