Uber Should Restore User Control to Location Privacy

Uber has rolled out a new update to its iPhone App—Version 3.222.4—which removed the option to limit location tracking to “While Using,” a privacy setting in the iOS that provides users control of when their information is shared with the app.

Upgrade TextYou might not have noticed right away. The November 23 update was described simply as, “This update fixes an issue affecting some riders who weren’t able to request a ride,” with no mention of the sharp change in privacy practices.

New ChoiceAfter you open the app, however, it immediately hits you with a request for location data—users can now only choose “Always” or “Never,” eliminating the fine grain-based “While Using” control previously available. The first request includes an explanation and a URL for more information, but if you choose no, afterwards it is a stark black and white message. If you choose yes, you won’t be presented with the option in-app again.

As explained on the Uber site, the planned uses for the new “Always” permission is limited to three cases:

• When you are interacting with the Uber app and the app is foregrounded and visible.
• When you’re on a trip: from the time you request a trip until when the trip is ended or cancelled by the driver, even if the Uber app is running in the background and not visible to you.
• Up to five minutes after the driver ends a trip, even if the Uber app is in the background.

Uber justifies the location collection to “improve pickups, drop-offs, customer service, and to enhance safety.” For example, Uber could notice that the driver dropped you off on the far side of a busy street, forcing a potentially risky crossing. This change is not part of the Uber privacy policy, which remains unchanged, but rather a separate policy statement. (The new page is not linked from the privacy policy, nor from Uber’s iOS App Permission page). Under that policy, Uber was already tracking trips through the driver, so the five minutes of additional tracking is the most substantive change.

Many people have raised concerns about this change, both questioning Uber’s need for post-ride tracking and the change away from user control. These concerns are quite understandable—there are many legitimate reasons that a rider would want privacy in their final destination, perhaps stopping the ride a block or three away from their true destination.

Google Using LocationFor each of these scenarios, the “Always” setting is not actually necessary (explained in detail below, for those who want to do a deeper dive into how the API works).  There are two main differences with the Always setting. First, Uber could track your location when the app is not running, using location events to open the app. Second, when the app is using your location under the Always permission, there is no special notice through the OS. (As opposed to, for example, if you are using Google Maps for turn-by-turn directions with the “While Using” location setting, you will get a notice when the app is tracking in the background.)

If Uber is true to its privacy policy, its first advantage is foreclosed. The Uber privacy policy limits app location collection to “when the app is running in the foreground or background.” Until Uber changes its privacy policy, it should neither be able to do any tracking when the app is closed, nor relaunch the closed app to conduct tracking. The second major difference is simply hiding the fact of tracking from the user interface.

How to Turn the “Always” Tracking Off

Privacy conscious users can still use the app with the Never setting active, but the usability is quite clunky, especially if you don’t happen to know the street address of your starting and ending points.  Go to Settings > Privacy > Location Services > Uber, and you can toggle to Never.

Lyft PermissionsWith this setting, one can switch back and forth between Always and Never and simulate “While Using,” but this is also awkward and easy to get wrong. Or, of course, one could use alternatives like Lyft, which retain the “While using” permission.

Uber could obtain the location information with the “While using” setting, which is known as WhenInUse in the iOS API. Though you might understandably think that “While using” is limited to when the app is in the foreground, both Always and WhenInUse permissions allow an app to access the users’ location while in the background. (Apple’s WWDC video provides a great explanation, starting about 6 minutes in.)

A key difference is the blue bar indicator, telling the user that the app is tracking location. As Apple explains, “Enabling the location-updates background mode ensures that an app continues to receive location events while in the background. When the app moves to the background, the system adds the location-services indicator to the status bar to let the user know that an app is using location services.”  This allows for transparency to the user, which reminds the user that they can close the app, and stop the tracking.

However, “[f]or services that launch your app, you need to request (and be granted) ‘Always’ authorization from the user.” Thus, the Always setting allows continued tracking while the app is off, and can use these location events to launch the app. The Always setting is also needed for things like the ‘significant location change service,’ or the ‘region monitoring service.’ These services are not necessary for Uber’s planned use.

The iOS will cease sending location information WhenInUse when the user affirmatively closes the app or when it is terminated by iOS (perhaps because you opened another app that needed that memory space). If users believe that Uber’s new uses are right for them, and want to be sure that their location will be tracked, even if they open other apps, they will need to enable “Always.”

Changing back to allowing the “While using” setting will help reassure users that they will be able to limit the location data use to the limited set of information proposed to be collect, at the OS level, provide transparency through the blue bar indicator, and help show Uber’s commitment to protecting users while still allowing for limited, transparent use of background location information.

Uber has come a long way since an executive was caught using God view to track the location of Uber riders and customers without obtaining permission. Indeed, earlier this year, we gave Uber five stars on the 2016 Who Has Your Back report, which awards companies for best practices in protecting users from overly broad government information requests.  It is disappointing that Uber has moved away from empowering users to have more control over their location privacy. We hope Uber chooses to honor and respect its users and reverts this change.

Leave a Reply