You might want to delete the pub order apps on your iPhone or Android due to privacy concerns
England has now discarded almost all emergency laws designed to stop the spread of Covid-19, including social distancing rules, no limits on the number of people who can meet or attend events, table service will no longer be required in pubs and restaurants, and face coverings will not be legally required in enclosed spaces – like public transport or theatres. Some establishments will still require face coverings and other rules to encourage customers who might otherwise be put off, but these rules can not be legally enforced.
With table service no longer a requirement, it might be time to take another look at the number of pub apps downloaded to your smartphone. These applications, which allowed customers to order food and drink to their table with a smartphone, were hugely popular in recent months. The majority of the biggest pub chains across the UK have launched their own application to make ordering from your seat fuss-free.
But while the prospect of queuing shoulder-to-shoulder with other customers at the bar might not be all-that appealing, it’s worth remembering that some of the most popular apps are recording much more than your drinks order. And that might not be a trade-off you’re willing to make.
Speaking to WIRED about the worrying trend of data collection from these applications, Michael Veale, a lecturer in digital rights and regulations at University College London, said: “When hospitality started to have an obligation to take contact details last year, there was no obvious privacy-preserving tool to do this with. In many hospitality venues, they are still using the technology from the earlier part of the pandemic last year to fulfil orders and table service, which collect unnecessary information.”
Wetherspoons launched its ordering app back in 2017 – well before the arrival of coronavirus on British shores
Wetherspoons
Wetherspoons launched its pub app before the pandemic gripped the globe. Back in 2017, the Wetherspoons app allows customers to order drinks, snacks, and food to their table. Payment is made through the app with a credit or debit card, or systems like Apple Pay and Google Pay, which use fingerprint or facial recognition to verify your identity and approve the payment.
While the order app has been around for years, its use has spiked in the pandemic. As you might expect, the Wetherspoons app collects information from any of the forms filled in within the app, including name, home address, email address and phone number.
In order to pinpoint which branch of Wetherspoons you’re in, the app taps into the GPS functionality built into your smartphone. The Android version of the app has seemingly wider-ranging permissions than the iPhone version of the same app. On Android, the Wetherspoons app has the ability to read, modify, and delete items from your USB storage. It can also snap pictures and video from your camera.
Greene King offers a similar service to Wetherspoons with its app, but siphons a little more data
Greene King
Like Wetherspoons, Greene King has an application designed to find and book tables at any of the 1,600 locations across the UK. As soon as you’re inside the pub, the iPhone and Android app can be used to order drinks and food to your table.
Using the app to do any of this will result in the software recording your names, contact details, booking information, loyalty card details, transaction information, date of birth, email addresses, telephone number, and payment details.
While that all makes sense, the Privacy labels in the App Store reveal that Greene King will store your search history, identifying the make and model of your smartphone, as well as how you interact with the app. That makes a little less sense.
Like the Wetherspoons app, the Google Play Store reveals more wider-ranging permissions than the iPhone version of the app. Like its Wetherspoons counterpart, Greene King can read, modify, and delete the contents stored on your USB storage, as well as take photos and videos.
Freedom Day: Dr Philip Lee calls on the government to ‘grow up’
OrderPay
The OrderPay app is used by some 1,500 pubs, bars and restaurants across the UK. The software, available on iPhone and Android, collects the usual name, email addresses, telephone number, and details of how you decided to login to the app. It also stores payment information, but not individual credit or debit card numbers. That all makes sense.
Perhaps more concerning, every time you launch the app, it will siphon GPS data, as well as allergen and dietary information, transaction history – including what you bought and how much was spent, IP address – that can be used to find your location, mobile phone service provider, model of phone, and “cookie, pixel and beacon identification information”, plus nearby Bluetooth signals.
Konrad Kollnig of Oxford University, who built the TrackerControl Slim app that analyses how Android software tracks and shares data, told WIRED that OrderPay sends some of this data to six separate data-tracking firms. That’s the highest number of any of the pub apps analysed. It also shares the location data with the OrderPay head office.
According to Kollnig, that step is completely unnecessary. He explains: “A list of all pubs could be downloaded on the Android device – as is done by the Wetherspoon app.”
In its small-print, OrderPay says that it will hold onto personal data for up to six years and could “transfer your personal information outside of the United Kingdom (UK) and European Economic Area (EEA)”.
MyPub is used by a number of different brands, from Slug and Lettuce to WalkAbout
MyPub
Finally, MyPub is the order app used by Stonegate Pub Company, which is behind all Slug & Lettuce and Walkabout locations as well as 4,500 other pubs around the UK. The privacy policy reveals that MyPub might collect names, email addresses, contact telephone numbers, passwords, as well as date of birth, gender, interests, and preferences. This is the first pub app to take note of gender.
All of this information is siphoned and used to “better understand our customers and online users, including profiling”. While that could result in promotions and events that are better suited to the people frequenting these locations… you’re handing over a lot of personal information for a pretty small benefit. When ordering at the bar, you’d be a little taken aback if the bartender had to record your gender, interests, date of birth, name, email address and mobile phone number before handing over a drink – simply so that your local can better understand its customers.
Like a number of the other pub apps in the list, Android users are hit harder with data-collection. According to the listing on the Google Play Store, MyPub can read, modify or delete the contents stored on the USB storage associated with your phone. It can also take photos and videos where necessary and track your location using GPS.
“MyPub and Greene King seem to have the best privacy properties among the apps studied,” concludes Kollnig.
Leave a Reply