Social ordering app Ritual, which allows users to place an order for a meal and have it ready for pickup at a local restaurant, has been found to be sharing users’ precise work location by default, including the address of their office and the floor on which they work, Engadget is reporting.
What sets Toronto-based Ritual apart from other food ordering apps is that it lets other users add their own food orders onto an order already in place, allowing one person to head to the restaurant and bring back all the office’s orders at once.
As pointed out by American Twitter user Caitlin Tran, people can join any company on Ritual without any sort of verification and see which floor people work on. Worst of all, the app even sends push alerts about where users are heading to pick up a meal. She claims the feature could result in people stalking employees at highly sensitive government organizations.
Bad data privacy: On the “social [meal] ordering app” Ritual, you can join any company without email verification and see which office floor users work on at places like @DHSgov, @LockheedMartin, @PalantirTech, and the Pentagon. pic.twitter.com/fZrwPCGJaw
— Caitlin Tran (@caitlinsays_)
We tested these claims out, and after joining the Canada Revenue Agency office in Toronto (see screenshot above), we were able to see first names and last initials of employees working on the main floor, of the office located at 55 Town Centre Court. We’ve reached out to Ritual for comment and will update this story accordingly.
As of now, there is no way for users to hide their location from other people using the Ritual app, and with no verification method in place, it gives people a huge opportunity to potentially abuse the service.