The Security Risks of Dining Out

In a post coronavirus world, the hospitality industry has become digitised. Many restaurants now allow customers to browse their menu and pay for food or drinks by using an app without having to leave their seats. But what price do we pay for the luxury table service offers?

Covid-19 restrictions have introduced British patrons to the ease of table service. With consumers not being able to stand at the counter to order their food and drinks due to restrictions and distancing rules, apps and QR codes were forced into the hand of the consumer.

Apps and QR codes allowed customers to order and pay through their phones without having to wait in line or speak to a waiter. Originally popular at the chain restaurants Wetherspoons (who introduced their app in 2017), ordering from your phone has become the norm for many across the UK — even with the end of Covid restrictions.

With table service apps becoming a part of the UK dining out experience (whether you like it or not) — do Brits truly understand how their data is being collected.

TechRobot has analysed the privacy policies of over 80 of the UK’s go-to dining out apps to reveal which are the most invasive and to find out more about how our data is being handled by the apps we used to dine out. 

Which app knows the most about you? 

Introduced in December 2020, Apple’s privacy label also known as nutrition labels gives iPhone users the ability to see the information apps will collect on them and how it will be handled before they download.

There are several apps that harvest lots of data from users, and the worst offenders might not be who you expect them to be. By analysing the privacy section of different dining app, TechRobot can reveal the most data-hungry table service app.

The graphic below highlights the top five apps that know the most about you.

RankApp NameTotal data tracked
1Caffé Nero21
2Paul UK20
3Domino’s Pizza16
4Wendy’s UK15
5My McDonald’s UK15

Besides the obvious such as name and email address, apps are keeping track of a wide array of details including financial information, browsing and search history, items you purchase, your location and other sensitive data.

In some instances, the data is sold to third parties, who will use the information to advertise products or services you’re more likely to buy.

Out of all the apps in the study, Caffé Nero knows the most about its customers. Tracking 68% of user data available, including location, search history and media content, the coffee house collects more information about its patrons than any other dining app. 

Collecting 65% of user data, Paul UK ranks in seconds as the most invasive dining out app in the UK. Customers using the app to order ahead or to earn reward points will be interested to know how much personal information the app is tracking.

Domino’s Pizza places next and rounds off the top three. Gathering information on location and browsing history, the app is collecting 52% of user data.

Other apps in the top 20 most invasive food apps include Costa Coffee, Burger King and Starbucks.

As well as Caffé Nero, Paul UK, Domino’s Pizza, Wendy’s UK and McDonald’s who have been revealed as the 5 most data-hungry apps, BrewDog and Costa Coffee landed in 6th and 7th place.

BrewDog — a multinational brewery and pub chain that was found in 2007 by James Watt and Martin Dickie — asked users for 42% of their information.

The data points the BrewDog app collects include user and device info, search history, location and physical address.

Costa Coffee — the British coffee house chain with over 2,600 shops in the UK — asked for the seventh-highest amount of data from users, collecting 42% of user information.

At the other end of the scale are the apps Turtle Bay, DrinkApp, Hollywood Bowl Food & Drink and Koshari Street which have all chosen against collecting any data via their respective apps.

In the US, Caviar and Grubhub are the dining out apps that know the most about you

RankApp NameTotal data tracked
1Caviar: Local Restaurants, Food Delivery & Takeout23
2Grubhub: Local Food Delivery23
3Postmates — Fast Delivery21
4Uber Eats: Food Delivery21
5Subway®18

In the US, casual dining restaurants are relying more on app technology due to the shortage of servers and to make the sit-down experience more automated. 

The apps allow for completely contactless ordering and payment and are slowly becoming a permanent tech fixture due to the coronavirus pandemic. The spread of ordering via apps has allowed companies to track and target users. 

This rise in dining out apps has granted some restaurants the access to build a database of their customers’ order histories and contact information. 

Of all the apps in the study, Caviar: Local Restaurants, Food Delivery & Takeout collects the most data from their customers. Tracking 71% of user data available, such as purchase history, location and user ID, the app that lets you pick from a list of local restaurants right at your fingertips has been revealed as the most data-hungry.

GrubHub ranks in second as the most invasive in the US. Customers using the app to order from their favourite local and chain restaurants may be interested to know that 71% of available data is being collected.

Postmates comes in third position. Gathering information on email and text messages as well as photo and videos, the app is collecting 68% of user data.

Other apps in the top 15 most invasive food apps include Dunkin’, Jack in the Box and Wendy’s.

As well as Caviar, Grubhub, Postmates, Uber Eats and Subway — who have been revealed as the 5 most data-hungry apps -Dunkin’ and Chick-fil-A landed in 6th and 7th place.

Dunkin’ also known as Dunkin’ Donuts — one of the largest coffee shop and donut shop chains in the world — asked users for 52% of their information

These data points included user and device info, purchase history, phone number.

Sonic — an American drive-in fast-food restaurant chain owned by Inspire Brands that has 3,530 restaurants and are located in 46 U.S. states — asked for the seventh-highest amount of data from users. The app tracks 52% of customers information.

At the other end of the scale are the apps Slim Chickens, which have chosen against collecting any data via the app.

How to check the data app holds on you

​​It’s tempting to download your local coffee shop app for the convenience of ordering ahead. But have you ever wondered what you are permitting it to access? Just like with terms and conditions, it’s easy to hit download or accept without reading what is being asked of you. However, it’s just as simple to control the information they have access to. 

We should spend time reviewing these apps to ensure that they don’t exceed the amount of data they are collecting.

For apps, you have already downloaded, it’s very easy to see what data you’ve allowed them to collect and revise your decision on what you share with them by just a tap of a button. 

On android phones, the setting titles may vary depending on which manufacturer made your phone, but you should be able to find something similar on your device.

Open up the Settings app and then tap on the Privacy menu. From there, head to Permission Manager and then, for example, you could click on “microphone” to see all the apps that have asked for access to your microphone. To turn off a permission that an app has, tap on it, and you will be presented with a couple of options such as granting access to an app all the time or only when it’s open. If the permission is particularly important to the app, you might have to tap a confirmation box.

If there’s one particular app you’re concerned about, you can go to Settings and scroll down until you see the menu Apps. From there, you can tap on the app you want to review by clicking on the app and then Permissions. You can also just hold your finger on any app and tap the “i” for the same options.

For iPhone users, it’s just as simple.

Once on the Settings page, hit Privacy to view the categories of data allowed to be collected such as location, camera, contacts and so on. Tap on any menu to see which apps you have granted permission to.

If you want a specific app breakdown, scroll down the Settings menu to find individual apps, and then you can click on them to see what they have permission to.

In the event that an app starts behaving strangely or even stops working once you have revoked permission, you may need to reconsider whether to grant back the permission or use it without that particular function.

There are also services available like AppCensus and Exodus Privacy that can help you keep track of what personal data is being collected, who it is being sent to, whether the data is encrypted and if there are any built-in trackers within the app. 

Being tech-smart means also being data smart—how much you share, who to and when is up to you. Recently, phone developers have been trying to put users back in control when it comes to their personal data. By letting users know what information apps are sharing and with whom before and after they download them, they are allowing users to get into the driver’s seat when it comes to their data. It’s up to us to take the next steps.

Sources and methodology

TechRobot created a list of the most popular food apps in the UK and the US. The data each app collects was found using the Apple privacy label, which is illustrated on the App Store. We marked down the different types of data the apps collect, for instance, location, browsing history and phone number.

The apps with the higher total were deemed to know the most about users.