Unruhgie times for uber: since the summer, the company delivers a slugfest with taxi centres, authorities and courts. Whether in Dusseldorf, Frankfurt, Munich, Berlin, Hamburg or European countries like France as soon as uber offers its transport services per app, there’s trouble. Among users is uber however high in the course and finds more and more followers. But now new trouble looms: because as the security researcher Joe Giron found out, the Android app by uber collects many suspicious data.
Already during the installation of the uber-app, users that agree that the application receives inter alia access to contacts, pictures and videos, existing user accounts as well as the location, the phone function and the camera. While this is so not only at uber and largely attributed the purpose of the application, is this all the more surprising: because the app according to Giron namely also checks whether the Smartphone may be vulnerable for the encryption gap Heartbleed. But, if the device is gerooted (access to the base system) or not, uber checked the fact apparently with its Android app.
Uber: the mytaxi competitor in the test
App sends data
But that’s not all: the Android app by uber sends according to Joe Giron also data to the operator. This information includes the battery, installed apps, the available memory level and the surrounding Wi-Fi networks. At the same time, the software expert published several lines of program code, which give the impression that the uber-app to relocate such as details of phone calls and SMS traffic.
Company takes position
Uber is not uncommented the facts and takes position to: so uber declares to numerous media that you need information about the names of the surrounding Wi-Fi networks, to more accurately determine the whereabouts of a user from the collection. Access to the camera is required for profile photos and a function to read a quick credit card information. Responsibility with regard to the other functions but has uber of: our program code lists some features of our Sicherheitsdienstleisters that we however do not use declared the company to venturebeat. So, including checking a possible Heartbleed encryption gap or the status of the root is not a function of uber.
Taxi apps in the test
Taxi apps for Android and ios
Ios and Windows phone also affected?
Above all Android users are affected by the obsessive of uber-app this information after. Secure evidence whether the IOS and Windows phone app on the shipment of personal data omitted, there is currently still no. Given the proliferation of Android, this is however already serious enough.
Now face uncertainty of the personal data is another case in the history of the uber scandals: because only recently a senior uber Manager had asked according to buzzfeed to put critical journalists with information about their private lives under pressure. This project had corporate CEO Travis Kalanick distances itself publicly shortly after becoming known, but leaves a thread smacks on the now submerged facts.
Overview: networked car
Autopilot Smartphone integration