Should you care that these much-loved food delivery apps gather the data that they do?
Even if you weren’t super into takeout before the pandemic, chances are you’ve upped your delivery in the past year. I get it! Cooking gets tedious and boring and we’ve all needed to — literally — spice up our lives while homebound. I know that in my household, takeout has become a much more regular occurrence than I’d probably occur.
But whatever. We all deserve to give ourselves and others some grace right now. But should we be giving food delivery apps grace, too? For this week’s What Does the Internet Know About Me?, I’m going to take a look at DoorDash and GrubHub/Seamless, two of the bigger food delivery app services here in the US. (GrubHub owns Seamless, so I’m batching them together.) I already know that they know I love Chinese food. Let’s see what else they’ve got.
Both delivery services collect a couple of obvious things that are necessary for them to, you know, bring food to my house. They know my name, my email address, phone number, address, and information about my payment method (i.e. credit card info or PayPal).
If I access their service through a website instead of my phone (which isn’t a thing I do) or the app on my phone, they also “collect information to better understand customer traffic patterns and Site usage.” That includes the website I visited before visiting their site or app, which parts of the site or app I visited and how much time I spent there.
If I log in with a third party account, like Facebook, DoorDash will exchange information with that service too. They would also access my phone’s phone book for referrals, if I let them. (Which I don’t.) Finally, they track me across different devices “to better tailor content and features” and provide a “seamless experience.”
And speaking of seamless! (See what I did there?) In addition to the obvious stuff listed above, GrubHub/Seamless tracks transaction info, any communications done in-app or via phone or mail, location information, information about my device(s) and software, and analytics info, including through third party services like Google Analytics.
“If you have previously opted into Grubhub’s collection and use of location-based information through our mobile application, we may collect and store the precise location of your device when the app is running in the foreground or background of your device.”
Yikes. That means that if you don’t opt out of location tracking on your phone, they potentially know where you are at all times.
Both DoorDash and GrubHub need some — to be fair, kind of a lot — of the data they collect in order to tell me what restaurants are nearby and then to deliver my food when I order it. They also have a legitimate interest in learning my likes and recommending similar restaurants in the future. Realistically, the nature of the business of a food delivery app means that they’re going to have to collect a lot of data about me.
“We work with third-party Ad Networks and Advertising Partners to deliver advertising and personalized content to you on our Platform and Services, on other sites and services you may use, and across other devices you may use. These parties may collect information directly from your browser or device when you visit the Platform through cookies or other tracking technologies. This collected information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.”
I’m bummed out by this investigation because, like all millennials, I like the convenience of ordering on an app — and not having to talk to a person on the phone. (Although honestly, as I’ve gotten older, the talking on the phone thing is less of an issue.) But the many, many ways GrubHub and DoorDash track me definitely has me concerned. Is it worth that much data being sucked up about me just for a slightly easier ordering experience?
Add on the fact that it became very clear during the pandemic just how big of a cut these food delivery apps take — and how shady some of their business practices are — and I think I might go back to ordering on the phone.
That, or I’ll make my partner order using apps on his phone. Then it’s his info being collected, not mine. (Kidding. Or am I?)
Malicious USBs can allow attackers to obtain a user's passwords, access their devices, and even irreversibly damage their computer.
In 2023, the dark web remains a small, hidden part of the internet with strong ties to illegal activities and should be approached with caution.