Waze's community-centric navigation is supposed to help you avoid obstacles that other apps might miss, but that same technology is also creating some serious privacy issues. UC Santa Barbara researchers speaking to Fusion have found an exploit that would let an intruder track your driving in real time. After reverse-engineering Waze's server code, the researchers found that they could create thousands of ghost drivers that monitor the real drivers around them -- they can even create virtual traffic jams. The trick only works when you have the app in the foreground (Waze turned off background location sharing in January) and breaks when you turn on the invisibility mode, but that's not going to be much comfort to drivers running the app non-stop during their commutes.
The team has been in touch with Waze about this issue for a while, and the Google-owned firm says it already tackled "some" of the concerns through some privacy protections. For instance, there's a "cloaking" system that's supposed to mask your actual location. However, it doesn't appear to be all that effective -- in a Fusion test, the UCSB group could trace a writer's journey in detail. Moreover, this exploit isn't limited to Waze. You could wreck a dating app by creating legions of robotic romantics, among other examples.
Waze is aware of the remaining flaws and hopes to fix them. Right now, one of the best options may simply be to put a limit on data requests so that one computer can't create a fleet of fake cars. And there isn't that much risk that you'll be tracked, since any would-be snoop will need a general idea of where you go to get started. If you're at all concerned that someone might want to study your movements, though, you'll want to either use that invisible mode religiously or use another app to get from A to B.