By John Gruber
Uber’s iOS app recently changed its location-tracking from “When using the app” to “Always”. The company says they’re only doing it for five minutes after a ride ends, to see where passengers go. They’re trying to improve the accuracy of where passengers get dropped off.
As you know, iOS allows users to control how apps can access the user’s location. There are three choices: “Always,” “When using the app,” or “Never.” These are reasonable options. Some users might never want an app to have access to their location. Others might have a strong trust relationship with the app and its authors and allow the app always to track them.
Most of us, though, fall into the middle camp: We want to allow apps to use our location for the purpose of providing a service, but want to control our privacy when the app or its authors cease doing business with us. So what we’re asking is simple:
Don’t allow app developers to disable the “when using the app” Location privacy option.
It’s simply unnecessary for Uber or others to track us when the app isn’t in use. How do we know this? Because these apps worked adequately before they disabled this option. We were able to meet our drivers by opening the app, finding our location, and hailing a driver. We gave them enough information to get the job done, and we were satisfied with the results.
Few people are more skeptical about Uber than I am. Just last week I linked to a scathing report on Uber’s internal privacy problems.
iOS does not give users the fine-grained control over apps’ location-tracking privileges that Fischer is asking for, but it does give us a way to verify that Uber is only using its “Always” privilege the way it claims to be — for five minutes after a ride ends.
Go to Settings → Privacy → Location Services and take a look at the list of apps. If Uber has checked your location recently, an indicator will appear in the list — purple if it checked “recently”, gray if in the last 24 hours. I’ve been checking this every few days ever since Uber changed its location-checking privilege, and it has never once shown any sign of misuse.
I don’t trust Uber. But we can collectively verify that in this case, they’re doing exactly what they say they’re doing.