Latest in Security

Image credit: baramee2554 via Getty Images

Food app Ritual is sharing users' precise workplace information

And because it doesn't check whether you actually work at a location, random strangers can access the data.
306 Shares
Share
Tweet
Share
Save

Sponsored Links

baramee2554 via Getty Images

Ritual is a "social ordering" app that allows users to place an order for a meal and have it ready for pickup at a local restaurant. That's not new, but what Ritual allows is for other users to add their own food orders, or "piggyback", onto the order already in place. That way one person can head to the restaurant and bring back all the office's orders at once. Sounds fine, right?

Well, there's a huge problem with all this, as Twitter user Caitlin Tran (@caitlinsays_) pointed out. People can join any company on Ritual without any sort of verification and see which floor people work on. And the default settings of the app have users sharing the address of their office and the floor on which they work, as well as sending push alerts about where they're heading to pick up a meal.

We wanted to test it out for ourselves, so Deputy Managing Editor Nathan Ingraham signed up for Ritual and joined the Department of Justice. He then told the app that he worked on the ninth floor of the Chicago office. He was then able to see the first initials and last names of other people who worked in the building and which floor they worked on. This is, of course, limited to people who have downloaded the app, but for secure workplaces, it's absolutely a terrible breach of privacy.

Tran points out that you can sign up for Ritual and see office locations for employees at the Department of Homeland Security, Lockheed Martin, the Pentagon and more. It's important to note that while Ritual doesn't force users into the "Teams" feature, it's a vital part of the app experience. While the idea behind Ritual makes sense, it's shocking that there aren't better privacy controls and data sharing options -- users can't hide their location from other people, and with no verification to confirm you work in a building, there's rampant potential here for abuse.

Source: Twitter
In this article: privacy, ritual, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
306 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
Pixel 4 vs. the competition: The camera battle intensifies

Pixel 4 vs. the competition: The camera battle intensifies

View
The Pixel 4's Recorder app can capture and transcribe simultaneously

The Pixel 4's Recorder app can capture and transcribe simultaneously

View
Google's Nest devices can tell if you're near with 'ultrasound sensing'

Google's Nest devices can tell if you're near with 'ultrasound sensing'

View
Pixel 4 will be available through every major US carrier

Pixel 4 will be available through every major US carrier

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr