“Ridesharing Apps and Your Data Privacy: What you Need to Know.” (From our Forums.)
Text originally published by Samuel Gichichi on the Cyber Secure Central Forums.
Many people around the globe are increasingly using ridesharing apps like Uber and Lyft. The popularity of using these applications has grown tremendously in recent years due to their convenience. The popularity of traditional taxis has dropped significantly due to the emergence of ridesharing apps. Pricing options, instant confirmation of rides, the variety of choice and ease of use has contributed to an inseparable blend of technology and transportation. However, the different services offered by the ridesharing applications require information like payment information and real-time location from the rider. While this information is key to facilitate a ride, the applications also risk riders information if it’s mishandled.
What type of information is collected by ridesharing apps?
GPS technology plays an integral role in the success of these apps. The rider and driver have to turn on location access in their smartphones for the app to get real-time location information for both. Apart from location access, the apps also collect personal information from you. If you are a fast time user, you are required to sign in to use the services of the application. They require you to link to a social networking account like Facebook to verify your identity. The user, therefore, ends up granting the application’s company access to his information on the social networking account. The application gathers information such as friend lists, birthdays, job, the college you studied which is completely unrelated to getting a ride.
The ridesharing apps also operate under a cashless mode of payment. The rider is supposed to link credit card details to facilitate the payment of a ride. While this might seem to be a convenient payment method, the rider’s credit card details are only safe as per the companies privacy policy.
What happens to the collected data?
Companies supporting ridesharing applications often collect bulk information for marketing purposes, improve on app functionality and analyze general usage statistics. The collected information can also be sold to third parties or advertisers in accordance with the company’s privacy policy. There are several ways that data breach can occur; information can be leaked while being transmitted to the third party, the third party or the ridesharing company can mismanage the data. Due to the increase in the number of people using these applications, cybercriminals are attracted to the company databases because of the amount and quality of data they hold. If fraudsters get hold of sensitive information like payment details or login credentials, there is no limit to the magnitude of the danger they can cause.
A Kaspersky Lab Security research showed that all of the 13 world-class ridesharing apps have security-related challenges. The study revealed that the vulnerabilities included users being diverted to an attackers site. This allows the hacker to access sensitive information like login credentials for various online accounts. According to google play reports the 13 applications have been downloaded more than a million times. This indicates the amount of user information delivered to such apps. Without the necessary security measures, this information is put to jeopardy.
More security concerns were identified by Norton Security experts. If users of the various ridesharing apps fail to turn off their devices after terminating their ride, the app continues to collect data about the user location and how long they stay in that place. This violates the privacy of users because their location should only be revealed while they are on transit.
How to stay safe while using ridesharing apps
Without a doubt, ridesharing apps are transforming public transportation. However, since users submit sensitive information through these apps, they should do a thorough background check before settling on one. People can be forced by different factors to choose one ridesharing app over the other. Location and popularity are the big influencers of having you have on your phone. Also, people are moved by the ease of use and the appearance of an application.
Before you install a ridesharing app, you should research the company and read online reviews to understand their culture, attitude, company chatter and worrying issues discussed by customers. Reading customer reviews will help you to understand how the company treats its customers and how they conduct their business.
After you have narrowed your search, you should analyze each app’s privacy policy. The policies can be found on the company’s website and should state clearly what user information is collected. Every application gathers information from its apps. The policy should, however, indicate the specific details to be sent to third-party organizations. Although reading through the policies can be a tedious endeavor, the information you obtain will enlighten you on how the company intends to use your data. If you do not agree with the policy, do deeper research or select another service provider.
Data leaks can occur during the transfer process to third parties. If such leaks happen, it can affect many users leading to loss of trust between the users and ridesharing company. Cybercriminals target the data transfer process to third parties since these applications collect sensitive information that can be leveraged by fraudsters to gain money.
Another way to boost your safety while using these applications is to update your ridesharing app. Many attackers reverse-engineer applications to understand how they function and identify any vulnerabilities. When a vulnerability is identified, hackers exploit it to have access to the server side infrastructure compromising the integrity of data. To counter the adversities that are brought by attackers, app users and workers are advised to keep their applications up to date.
End note
In the current technology-driven world, data privacy and protection should be everyone’s concern. The level of fraud has intensified as attackers are no longer targeting institutions alone but the emerging applications with vast user information. Just like people are becoming cautious about the dangers of using unsecured internet connections or weak login details, they also need to understand the threats involved in using these applications. Before installing an application to their device, they need to know the privacy policy governing the app. They should also keep an updated version of their application to protect themselves from the vulnerabilities of old applications.
Disclaimer
The content of this article does not reflect the official opinion of Cyber Secure Central. Responsibility for the information and views expressed in the article lies entirely with the author(s).
