Despite of what you may have read, Uber’s Android App is not “Literally Malware”
One blog post ignited a strange and worrying headline this week: “Uber’s app is literally malware,” declared a thread on Hacker News.
Although a blog post itself is being oddly inciting, several media outlets have covered the story claiming that Uber may send unnecessary amounts of data back from your phone such as SMS along with the private images stored in your phone.
Take a snippet on this; it is unlikely for the Uber App to be a kind of malware and from the investigation, the original poster’s worries are unproven. Majority of the authorizations listed from the post calling the company out for being too extensive with the authorizations are “required by Android” to do the app’s basic functions.
Despite the claims, there is no proven evidence that Uber can access data of the phone except for the plain purpose of getting what they need. Not even sending any of your phone’s SMS, images or other data.
Uber has no purpose of collecting data beyond from what they need; it is absolutely not the interest of the company.
Uber has its own page explaining that a lot of its own installation permission has reasons. Below are some of the permission requests by Uber app upon installation:
- Location: Uber needs to know the locaso you will be picked up.
- Contacts: Thid id used for splitting and inviting friends to Uber
- Phone: this is necessary to call your Uber driver or Uber to call you.
- Microphone/camera: this is for the Uber function thet permits you to take photo for credit card scanning.
- Wifi connection: This is for the function for checking if you have internet and attempting to use the WiFi name for them to know your location.
- Device ID and Call Info: This access will permit your phone and unique ID to your device.
- Identity: This will permit android users for signing in and pay using one tap (Google sign-in and Google wallet service)
- Photos/Media/Files: This will allow Uber to save data and cache mapping vectors.
Do you remember Facebook Messenger permissions, which scared everybody a few months ago? That was the same daunting permissions which turned out to be used for legitimate reasons.
From the statement to Cult of Mac as update to the story matter, according to Uber “Access to permissions including WiFi networks and camera are included so that users can experience full functionality of the Uber App. This I not unique to Uber, and downloading the Uber app is of course optional.”
Are you still doubtful? Here is a research to verify that Uber is not doing the blog has claimed they might.
“I set up my Android phone to have its traffic intercepted by my Mac for around 30 minutes. I monitored from when I downloaded it, to when I logged in and ordered a cab, as well as in the background. It’s not extensive, but it’s enough to see if anything fishy is going on.”
Below is the information Uber sent to the device of the researcher. According to the research “note: this information was fully encrypted and is only readable as I added a certificate to the phone that allowed me to decrypt the data”.
Uber has sent back the information such as location, email address and phone number which is already expected. Along with the phone data, other information such as model, serial number and OS version of the device. The information are valuable for the development team to debug their apps when building them just like what were found from other apps.
It was not found out that Uber is not sending back information other than necessary ones. Most of all, Uber is not sending back information like call history and SMS messages.
Possibly, the issue is not about the app asking for permissions, but it is how they presented the permissions to the users. Adroid users are still scare by these permissions on the platform, while the simple fact is that they are only asking for necessary details for them to perform their complete functions.
From the blog post that started all these worries, the writer noted “Maybe Uber evil [sic]. Maybe Uber isn’t sending a bunch of data off to their collection servers for harvesting. Maybe I’m just paranoid.”
For Uber users on Android, there is nothing to get worried. These are just permissions necessary for the app and not worrisome just what they claim to be.