1 December 2014
Uber’s Android app may be sending your private data back to the company, reports Cult of Mac’s Buster Hein.
The data transfer was reportedly discovered by Joe Giron, who runs a cybersecurity firm.
Cult of Mac says:
“Digging into the app’s code, GironSec discovered the Uber app “calls home” and sends private data back to Uber. This isn’t typical app data, though. Uber is sending back users’ entire SMSLog even though the app never requests permission. It also sends call history, Wi-Fi connections used, GPS locations and every type of device ID possible. The app even checks your neighbor’s Wi-Fi and sends back info on the router’s capabilities, frequency and SSID.”
It’s unclear what purpose this information would serve for the ridesharing company.
Neither Giron nor Cult of Mac said whether Uber’s iOS app was transferring similar data back to the company.
An Uber spokesperson gave Business Insider the following statement:
Access to permissions including Wifi networks and camera are included so that users can experience full functionality of the Uber app. This is not unique to Uber. In addition, our code lists several feature options that our mobile security vendor offers, but that we do not use. For example, “whether device is rooted, whether it has any malware on it, and whether it’s vulnerable to the Heartbleed security bug” are not features that Uber uses. For a list of features that we do use, please visit: https://m.uber.com/android-permissions.