Is Uber’s Android App really a Malware?

News that Uber’s Android app is “Literally a Malware” shocked thousands of customers who use the App to call for cabs. Like with every fair coin that has two sides, Uber has defended its app saying the company only collects necessary information, a fact seemingly backed by another security researcher who rubbished earlier reports as “oddly inflammatory” and not backed by facts.

Lately, Uber ride sharing company has made news for all the wrong reasons, now the company is yet in the middle of another quagmire following revelation that its Android App is more of a spyware, collecting and sending huge chunks of users’ personal information to its servers. Joe Giron, a Phoenix-based security researcher who tabled the findings said Uber’s android apple is “Literally a malware” that “calls home” to report customers’ private information behind their backs.

According to Giron, the App sends information such as call history , SMS and MMS  logs, GPS Coordinates, Wi-Fi connectivity, Users device vulnerability (whether Jailbroken or not), other Installed Apps , their activity, data usage and Battery life.Interestingly, the App also purportedly checks on the neighbor’s Wi-Fi status and reports its capabilities, frequency, level and SSID.

“Why the hell would it want access to my camera, my phone calls, my Wi-Fi neighbors, my accounts, etc.?” asks Giron in a blog. “Why the hell is this here? What’s it sending? Why? Where? I don’t remember agreeing to allow Uber accedes to my phone calls and SMS messages. Bad NSA-Uber.”

Normally, genuine apps in Google store requestthe user for permission to access specific info on the installed device in bid to boost the App’s functionality. It’s up to the user to allow or deny the app access to the requested data on their device. That notwithstanding, a majority of users download apps without going through the permission checklist, ending up with Apps that can literally snoop on everything on their devices.

Unlike typical Apps, the Uber App allegedly accesses and reports information that is not related to its functionality.   Ideally, the App would need access the user’s Locationor address, but why on earth would the App need information on the neighbor‘s wife? Well, these are some of the contentious issues Uber is yet to Iron out.

Apparently, the ride sharing company won’t go down without a fair fight. While responding to the critics, Uber Spokesman Lara Sasken said the company has no interestsin collecting data beyond its need. “Access to permissions including Wi-Fi networks and camera are included so that users can experience full functionality of the Uber app. This is not unique to Uber, and downloading the Uber app is of course optional,”read her Statement to Cult of Mac.

Uber’s story seemingly took a new twist after another independent securityresearcher disapproved the earlier findings. According to Owen Williams, online reports going round about Uber’s android Apps are“oddly inflammatory” and not backed up by facts. “Despite what some are claiming, there’s no evidence that Uber accesses any data on your phone other than that used explicitly for the purpose of getting you a ride, nor does it send any of your SMS’, images or other data off your phone,” says William in a blog.

After conducting a research using his Android phone, Williams concluded that the Uber App only  send necessary information such as phone numbers, email addresses, model number, OS version and Serial  number of the device. Such information is used to boost the functionality of the App and help the developers to debug the App, adding that it is a common practice among developer.

“I couldn’t find any instance of Uber sending back any further detailed information than this, certainly not the SMS log or call history,” writes Williams.“Android users continue to be scared away by permissions on the platform, when in reality they’re simply asking for details they need to perform basic functions.”

COMMENTS

WORDPRESS: 0
DISQUS: 0

Is Uber’s Android App really a Malware?

by Ali Raza time to read: 3 min
0