When it comes to privacy, folks have learned to watch Uber like a hawk. This turns out to be useful even when Uber (apparently) turns out to be innocent. Case in point: the way Uber’s iOS app (3.222.4 and higher) now requests permission to track your location… “Always”.
“Previously, Uber only collected location information while a user had the app open,” TechCrunch reported late in November. “Now, Uber asks users to always share their location with the ride-hailing company.”
What’s going on here? Uber told TechCrunch: “Even though it can harvest your location constantly while its app is running in the background… it won’t use that capability. Instead, Uber claims it just needs a little bit more location data to improve its service, and it has to ask for constant access because of the way device-level permissions are structured.”
TechCrunch quotes Uber as saying it simply wants five more minutes of tracking before and after your ride. With this info, it can help drivers and riders find each other, and see if passengers are having to cross dangerous streets after drop-off. But, says Uber, app developers can’t ask Apple for “just five more minutes” of access after users close the app: their only option is “always”.
Since those first reports, prominent bloggers Michael S Fischer (HackerNoon) and John Gruber (Daring Fireball) have blogged extensively on this issue. First, Fischer asked Apple to prevent app developers from doing what Uber did: disabling a device owner’s option to provide location access only “when using the app”. Gruber then showed his iOS-using readers how to check the last time Uber tracked them: “Go to Settings → Privacy → Location Services and take a look at the list of apps. If Uber has checked your location recently, an indicator will appear in the list — purple if it checked “recently”, gray if in the last 24 hours.”
Well, it wasn’t long before some of Gruber’s readers started posting screen captures suggesting Uber was checking them out even if they hadn’t requested an Uber in weeks.
So, now what’s going on here? TechCrunch went back to Uber, and here’s what it says: since September, Uber’s app has been capable of integrating with iOS Maps. Using new iOS 10 APIs, Uber can add a handy-dandy Ride button to Maps. Not only can you request your Uber straight from Maps, Apple says that “you can also book and pay for rides… once you’ve ordered a ride, Maps even shows you the driver, the car, and the driver’s current location.”
But for all this to work, says TechCrunch, “location data must be shared” with Maps and whatever third-party apps are running inside it. And when you open Maps, Apple happily shares that tracking info even if you have no intention of ordering a car.
John Gruber suggests that Apple change Maps’ behavior so “extensions only load when you tap the ‘Ride’ tab in Maps” – not every time you load Maps. (Slower, but more private.) Alternatively, TechCrunch suggests a tweak to Apple’s color-coded Location Services Settings so it’s easier to tell which billion-dollar corporation is tracking you. (Of course, with the tracking rights you’ve already given Uber, who’s to say what could legally happen to all the data Apple keeps sending Uber, even after you’re safely across the street and safely inside your destination.) Just another day in this warm, fuzzy 21st century.