Uber has tweaked one of the features in its app after it was shown to let sensitive trip data become publicly accessible through Google.
The feature lets Uber customers share their ETA, via SMS, with friends and family during a ride. The text that's sent includes a link to a live map that shows where the rider is during the course of the ride, just like the map shown on the rider's own smartphone.
On Thursday, links to dozens of the maps could be found on search engines like Google, by performing a site search of trip.uber.com. In addition to the route, the maps show the first names of the rider and driver, and the car and license plate of the driver. On these sites, the source code also includes the exact addresses of the pick-up and destination, and the exact date and time of the ride.
The links were publicly accessible through Google because they had been shared online on social media sites by the people who had received them, Uber said.
Now, riders can continue to share links to the maps, but the links will expire after 48 hours. Uber chief information security officer John Flynn announced the change in a tweet on Friday.
Riders can continue to share their trip links publicly, but now they expire after 48 hours. h/t @mikko— four (@four) September 4, 2015
The change's effect can already be seen online. Links that on Thursday had displayed maps now only bring up a web site reading, "Page not found."
Uber has been subjected to criticisms and questions over privacy and its user data policies. In this instance, the company acted swiftly to mitigate concerns tied to an important data issue.
(Correction: An earlier version of this report misidentified the source of a tweet from Uber. It was from Uber's chief information security officer, John Flynn.)