By Matt Golabek & Trevor Morgan 

From calorie counters to food delivery services to secret and deceptive “vaults” to hide info from parents, millions of humans are tethered to smartphones as if they were their only lifeline. With the convenience, however, come potential risks for the user.

IBM’s Cost of a Data Breach Report 2019 identified the following startling figures:

  • Average total cost of a data breach: $3.92 million;
  • Average size of data breach: 25,575 records;
  • Time to identify and contain a breach: 279 days;
  • Highest country average cost: United States, $8.19 million; and
  • 2019 odds of a data breach within two years: 29.6%, up from 27.9 in 2018.

While these data critically inform decisions and actions taken by CEOs, investigative analysts, and cybersecurity professionals in an effort to protect a company’s assets, they are also important to the average consumer.

Take, for example, the popular app MyFitnessPal. In February 2019, it was reported that 151 million accounts were breached and being sold on Dream Market, a nefarious site on the anonymous Dark Web where drugs, stolen data, and counterfeit consumer goods were being sold. Dream Market closed “shop” a month later, with rumors that law enforcement had been breathing down its cyber neck. Another popular app, DoorDash, had a data breach of 5 million records in 2019.

This new Hg blog series is based on our February FactSheet, What the APP?! Top Social Media APPS and the Lowdown on What Info They Collect, in which our seasoned analysts compiled a list of popular apps used by teenagers and adults to better inform readers of what information each app is collecting. You can download the full FactSheet for free, and we encourage you to share it with others.

This week, we review 5 popular travel apps.

Airbnb

This app is perfect for finding travel accommodations across the globe. Houses, cabins, apartments, and rooms are just a few of the offerings. With consent, it can collect email addresses, dates of birth, addresses, phone numbers, government IDs or passports, payment information, and geo-locations. View its privacy policy.

Apple Maps

Apple Maps is the modernized form of the old spiral-ringed paper maps every car had: an easy-to-use GPS system that makes it easier to get to the desired destination. Once at the location, Apple Maps provides a 3D preview of the immediate location, providing a better sense of what is around the area, such as food, gas stations, hospitals, and hotels. Visiting the same location several times? This allows Apple Maps to make a list of your most frequently visited locations and proactively suggest a route to that same location. View its privacy policy.

Google Maps

Google Maps is very similar to Apple Maps in its ability to provide GPS assistance for transportation from one destination to the other. Google Maps also provides 3D views of an immediate location, which can create security concerns because any user has the ability to view a curbside or aerial view of a house, business, or open location such as a park. This ability provides the user with relevant information such as various entry points into a specific house. A seemingly positive-natured app could be used for negative and criminal intent. View its privacy policy.

Lyft

Lyft is a transportation app that helps people get from point A to B with ease. Lyft is a seemingly harmless app but, in reality, it is collecting a lot of personal information. For instance, a user or “rider” of this app is freely providing a name, email address, phone number, date of birth, and bank account/payment information. On the other side, “drivers” provide date of birth, physical address, government identification such as an SSN, driver’s license information, and vehicle and insurance information. Requesting a simple ride from one destination to the other comes with a hefty “cost” of your personal information. View its privacy policy.

Uber

If you are an Uber driver, the app collects your location both when the service is up on your phone and when it is in the background. If you are a rider, the app only collects your location information when the app is open. View its privacy policy.

Waze

This community-based navigation and traffic alert app collects personal information based upon what a user wants from the app and how privacy settings are managed. If consent is granted, Waze will collect detailed location, travel, and route information, voice and audio information when using Waze’s audio features, as well as metadata about the user’s device and browser. View its privacy policy.

Travelocity

The popular travel app, Travelocity, stores and uses personal information that a user inputs while purchasing airline tickets, reserving hotels, and renting cars, for example. Such information can include first and last name, telephone number, postal and email addresses, and billing information such as credit or debit card number, cardholder name, expiration date, and billing address. View its privacy policy.

Matt and Trevor are investigative analysts at Hetherington Group, where they use their open source research skills to extract data from social media accounts, conduct risk assessments, and monitor subjects for clients in pharma, tech, retail, and entertainment. Both are contributing writers to Hg’s Data2Know, Industry Undercover, and OSINT Slack channels. On their lunch breaks, they can be found outside playing frisbee with their four-legged colleagues.