Break stuff. Now.

Transit Privacy

The privacy implications of using an app for public transit payment

April 1, 2019

One day, I came across an announcement while riding a bus. The bus service posted a survey asking its riders if they were interested in using a mobile app to pay for their rides. In addition, this app would replace all existing modes of payment, both cash and paper bus passes.

The idea made me feel uneasy.

On one hand, no cash means no theft. No paper bus passes mean no more printing and distribution costs, as well as reduced paper usage. Apps are easy to build, deploy, update, promote, and acquire. And a centralized payment system means no more middlemen.

On the other hand, it takes aim at your privacy.

Your payment info

For an app to collect your payment, it must have access to your funds. You would think it would use something like Apple Pay or Google Pay. You'd be wrong.

If you notice, most of your utilities still offer payments via card or bank account. It's not because companies can't use modern payment systems, but because not all of its customers can. It's an accessibility issue, and it's highly likely that this new app will follow suit.

And for a recurring payment, it's silly to key in this information repeatedly. So, just like utility services, this system will probably offer remembering your payment information for you. This leads us to the first issue:

Another system storing your payment information.

Your behavior

I would imagine that the bus service is very eager to know more about its riders. Knowing where they are and when they ride, the service could optimize routing and dispatch. This would avoid having empty buses on the road, or too few buses during peak hours.

Just like any other company, metrics is key. It's always the numbers that dictate decision making. And what better way to get these numbers than to incorporate analytics on the app the riders have installed on their devices.

But the app may gather more data than it needs. This data may even be stored insecurely. The vendor may not be transparent about what data is collected or how it's used. And they may not even give you the option to opt out. This leads us to the second issue:

Another system collecting data about your behavior.

Your device

The biggest problem I have with the proposal is that you're forced to install an app just to use the service. It's an all-or-nothing deal, since cash and bus passes are no longer an option should this system roll out. Because you're forced into this system, you're also forced into its weaknesses as well.

A transit app would, at the very least, ask for network and location access on your device. These are used to carry out things like conducting online payments and finding nearby bus stops. But these very same permissions are enough to, for instance, gather your location and send them to a third-party.

And it probably won't be open-source, which means nobody can readily audit the source code to see what it's actually doing under the hood. One would have to disassemble the binary to source code, a process whose success rate varies. This leads us to the third issue:

Another system that may be leaking your personal information.


One of the things you can do to improve your privacy is to reduce the number of places that store your personal and financial information. Forcing users to use another app which requires the gathering and storage of all this information, without viable alternatives, is a threat to personal privacy.

The proposal will still undergo review. Should it ever be implemented, hopefully it went through people who know what they're doing. The last thing we need is a system implemented by a cheap vendor and overseen by an overexcited client, with neither having security and privacy in their sights.

Hopefully this article gave you insight on why I feel uneasy with the idea of using apps for bus ride payment. As always, if you have comments or suggestions, feel free to drop a line.