Uber’s Android App May Be Collecting An Alarming Amount Of Your Personal Data

Android tablets at Best Buy, Target, Amazon, Walmart found to include major security flaws, malware
November 26, 2014
Cyber Monday shoppers on high alert in light of data breaches
December 1, 2014

1 December 2014

uber

Uber’s Android app may be sending your private data back to the company, reports Cult of Mac’s Buster Hein.

The data transfer was reportedly discovered by Joe Giron, who runs a cybersecurity firm.

Cult of Mac says:

“Digging into the app’s code, GironSec discovered the Uber app “calls home” and sends private data back to Uber. This isn’t typical app data, though. Uber is sending back users’ entire SMSLog even though the app never requests permission. It also sends call history, Wi-Fi connections used, GPS locations and every type of device ID possible. The app even checks your neighbor’s Wi-Fi and sends back info on the router’s capabilities, frequency and SSID.”

It’s unclear what purpose this information would serve for the ridesharing company.

Neither Giron nor Cult of Mac said whether Uber’s iOS app was transferring similar data back to the company.

An Uber spokesperson gave Business Insider the following statement:

Access to permissions including Wifi networks and camera are included so that users can experience full functionality of the Uber app. This is not unique to Uber.  In addition, our code lists several feature options that our mobile security vendor offers, but that we do not use.  For example, “whether device is rooted, whether it has any malware on it, and whether it’s vulnerable to the Heartbleed security bug” are not features that Uber uses.  For a list of features that we do use, please visit: https://m.uber.com/android-permissions.

Source – http://www.businessinsider.com/ubers-android-app-could-be-malware-2014-11