How Secure Are Food Delivery Apps? Which Apps Are Safe?

Delivery guy on a scooter, phone with apps and magnifier over it and a broken padlock
Click here for a short summary of this article!
How Secure Are Food Delivery Apps? A Brief Guide

Most food delivery apps definitely suffer from privacy pitfalls. They often collect, store, and use enormous amounts of user data, which is a privacy issue and also makes them attractive targets for cybercriminals looking to obtain user data.

This is why we made a list of three relatively safe and very well-known food delivery apps for you. We’ll discuss these apps in detail and look at their privacy policies, security, and user-friendliness. The apps we chose are:

  • Uber Eats
  • Instacart
  • Just Eat Takeaway

There are also tips and advice for protecting your information when using such apps, including a good password manager and a strong VPN. A great VPN that we recommend to keep your data safe is NordVPN. Its strong encryption protocols and diverse server choice will go a long way in protecting your data.

For our complete analysis of Uber Eats, Instacart, and Just Eat Takeaway, and great tips to protect your data, read the full article down below!

The security of your food delivery app is probably not the first thing on your mind when you’re ordering a hearty dinner or a cheeky midnight snack. Nevertheless, your online privacy is very important, and food delivery apps increasingly collect tons of personally identifiable information.

Food delivery apps gather a great amount of data, such as your address, phone number, and sometimes even your credit card information. Needless to say, you want to be sure these apps only gather information that is necessary for your food delivery, store this data safely and don’t abuse the information they gather.

This article will discuss the potential privacy risks of using food delivery apps. We will also discuss three secure food delivery apps, their privacy settings, and what you can do to protect yourself against privacy issues that food delivery apps might expose you to, such as data breaches.


The Privacy Risks of Food Delivery Apps

Privacy risks iconFood delivery apps are more popular than ever and this trend will most likely continue: some expect the US food delivery industry to be worth 220 billion dollars in 2025! This will likely amount to about 40% of all restaurant sales. And, you might be one of many who regularly uses these apps.

What’s the big deal?” you might ask yourself.

The issue lies in how much data these apps collect and the fact they share this data with other parties. Data sharing often happens consciously, in line with the app’s privacy policy, but data can also get stolen.

After all, every platform which harbors a large amount of data automatically becomes an attractive target for hackers and other cybercriminals. In fact, according to the FBI, about 280,000 customers of an unnamed grocery delivery company had their data sold on the dark web in July 2020.

Needless to say, if your data falls in the wrong hands, this could have devastating consequences. An obvious example would be your payment information getting stolen and abused. That’s why, to help protect you, we will now discuss three relatively safe food delivery apps.


The Top 3 Most Secure Food Delivery Apps

There are always privacy and security risks when using an online service, especially if it’s a service that gathers a lot of personal data, such as a food delivery app. Nevertheless, we believe if you stick to the safest alternatives, you can avoid a lot of problems. That’s why below we’ve listed three apps that are relatively secure. We’ll discuss their security, privacy, and user-friendliness.

1. Uber Eats

The first food delivery app on this list is one that most food aficionados will recognize instantly: Uber Eats.

Screenshot of Uber eats app interface homepage

Needless to say, this app is part of Uber Technologies Inc. Some key privacy and security features of this app include the following:

ProsCons
Gives you the option to use two-factor authentication (password and smartphone).Data is shared with many parties.
They don’t have a policy to sell or rent user data.In 2020, cybersecurity firm Cyble discovered UberEats customer data, including login credentials, were being sold on darknet forums.
Transparency about what data is collected, what for, and whom they share data with.

Security

Ribbon with a shield showing a bug on itUberEats seems to have given a decent amount of thought to security and requires users to make an account to place an order. This is a great way to prevent more basic instances of credit card fraud.

What’s even better, is that you can secure your Uber Eats account with two-factor authentication. This ensures that malicious actors can’t access your account easily.

As far as your credit card info goes, you can store your credit card information on Uber to make it easier to order food, but this information will be encrypted. In other words, even if people get access to your account, they shouldn’t be able to steal this information (according to Uber).

They will only see the last four digits of your credit card number and the date of expiry. The data is encrypted so that even Uber’s internal employees can’t access it.

Privacy

What about privacy iconIt’s great that Uber is transparent about how much data they collect, but that doesn’t make this amount any less worrying. Uber Eats collects names, email addresses, phone numbers, login information, home/work addresses, location data, payment information, data about users’ devices, and app-based communications.

Uber uses the data above for everything from seeing where drivers or deliveries are in real-time, to customizing users’ accounts, research, and marketing their products. More shockingly, they also have access to call recordings and messengers between users to, as they say, help “resolve disputes.”

The main thing we recommend to keep your Uber Eats data safe is by enabling two-factor authentication for your account. This way, for someone to hack into your account, they need your email address, password, and a code that Uber sends to your phone every time you want to log in.

This scenario seems quite unlikely, to say the least. Furthermore, we recommend taking more general steps to protect your online privacy and security (check the next section!).

Lastly, it must be noted Uber Eats has had some privacy issues in the past. Most notably, in 2020 researchers from cybersecurity firm Cyble stated they had found personal data and login credentials from 579 Uber Eats customers going round on darknet forums. They also found data belonging to about 100 Uber Eats drivers.

User-friendliness

Uber Eats scores high when it comes to user-friendliness. Signing up is easy. In fact, if you already have an Uber account, you don’t need to do anything: Uber and Uber Eats use the same account. If you’re new to Uber, simply sign up with your name, last name, phone number, email and password.

Once you’re in, it’s easy to find the food and/or beverages you’re looking for. The app allows you to filter by price, duration of delivery, type of food, discount deals and much more. The software is easy to use and feels very intuitive.

Furthermore, Uber Eats is free to use and offers 24/7 customer support.


2. Instacart

Instacart is an American grocery delivery platform that operates in both the United States and Canada. The app partners with local stores to deliver groceries directly to customers’ homes. Their main selling point is that they deliver items on the same day.

Screenshot of Instacart app interface homepage

Instacart has been under fire before for privacy reasons before. They received especially strong backlash when it turned out that their users’ data, like with many other food delivery apps, was for sale on the dark web.

However, it has to be noted they have made significant improvements to their privacy, such as offering two-factor authentication. Moreover, after discovering some privacy irregularities, they took even more far-reaching privacy measures in August 2020, improving their infrastructure dramatically. These are some important privacy and security characteristics of Instacart:

ProsCons
They offer two-factor authentication.Their privacy policy is a little vague, for instance on whether they sell data.
The app takes special care to protect customers’ health information.They have had privacy incidents in the past.
Instacart doesn’t allow for device switching in the middle of an order for added security.

Security

Not too long ago, Instacart implemented two-factor authentication for shopper logins. This makes it part of a fairly select group of food delivery apps doing so.

They don’t just use it for shopping logins but also require two-factor authentication for making changes to your user account. They also periodically ask users to verify their identity. Moreover, they also banned the option to switch between devices in the middle of placing an order, among other security measures.

Many of these security measures came when Instacart discovered a potential privacy violation when third-party employees got their hands on privileged user data. The company was swift to retaliate, which is a good thing.

Privacy

Instacart gathers a ton of information about their users. They collect both data you enter and data related to how you use the app. Examples of the former include your exact location, phone number, credit card details, and if you use their medication delivery service, health information.

Padlock with Warning iconThe latter includes your IP address, pages you visit, information about the browser and operating system you are using, and any searches you run on Instacart.

Note that Instacart uses quite advanced and intrusive technologies to gather information about its users. For instance, they use, apart from cookies, pixels, scripts, and even device identifiers to gather a lot of data on their users.

We do view this extensive approach to data gathering as a potential privacy issue.

Moreover, there have been some privacy incidents, despite Instacart’s seeming commitment to data security. The most serious incident was when the data of thousands of Instacart users was found on the dark web in 2020.

Among this data were the names of customers, the last four digits of their credit cards, and their order histories. According to Instacart, they were not aware of any breach.

Vagueness regarding the use of data

Instacart uses personal data for much of the same that all food delivery apps seem to do: to provide and improve their service, charge the customer for products they buy, research to make their product better, and use targeted advertising.

Money, a folder and profile pictures on a screen to convey "Data Broker Sites"However, there were also a few data uses mentioned in Instacart’s privacy policy which we found a little more dubious. The following is an example of this:

“Fulfill any other business or commercial purposes at your direction or with prior notice to you and your consent.”

The vagueness of this sentence makes us very curious about just how varied these “purposes” could be in practice. Another example of vague language in Instacart’s privacy policy that concerned us is as follows:

“We share information on both a non-personally identifying basis (including, but not limited to, order and delivery details but not including credit card information) or an aggregate basis.”

We understand from the above how Instacart shares data that falls within this category. However, it doesn’t explain what data they share on an aggregate basis. They just list a few examples, but who knows what other data they might gather “on an aggregate basis” and who they share this with.

On a brighter note, Instacart clearly states their service is not intended for those under 13 years of age and they show commitment to deleting data that is accidentally collected from these youngsters.

What’s also quite positive is that they seem to be very careful about the way they handle PHI (personal health information) of people who use their service to get their medication delivered at home.

They are clear about how they use this information and how they protect it. For instance, they completely encrypt PHI both at rest and in transit.

User-friendliness

Instacart is quite user-friendly. The website and app are free to use for consumers and signing up are easy and straightforward. You simply enter your name, email, and password to make an account and you’re good to go.

You can now log in on both their website as well as in the app. They also offer a premium version (Instacart Express) for $99 a year which gives you some additional benefits, such as free deliveries for orders over $35.

Now it’s time to fill out your zip code, select the store you want to shop at, and fill up your shopping cart. You can filter products by category too, such as “discounted items.”

Unfortunately, we thought Instacart’s customer service isn’t nearly as prompt as other facets of its app. Like too many companies nowadays, they present you with endless FAQs and menus if you have a query and eventually you’ll get to see some contact form if your question hasn’t been answered yet. They only have a dedicated helpline for seniors.


3. Just Eat Takeaway

Just Eat Takeaway is one of the largest players in the international food delivery sector. They operate in a dazzling number of countries, including the Unit­ed States, Unit­ed King­dom, Ger­many, Cana­da, The Nether­lands, Aus­tralia, Aus­tria, Bel­gium, Bul­gar­ia, Den­mark, France, Ire­land, Israel, Italy, Lux­em­bourg, New Zealand, Nor­way, Poland, Por­tu­gal, Roma­nia, Slo­va­kia, Spain, and Switzer­land.

Screenshot of Just Eat Takeaway app interface homepage

Below we’ll list some privacy and security characteristics of this app:

ProsCons
Just Eat Takeaway has a clear and transparent privacy policy.Just Eat Take doesn’t require making an account to order food, which is bad from a security standpoint.
The company is registered in the Netherlands. This forces them to comply with (notoriously strict) Dutch and European privacy laws.Just Eat doesn’t offer two-factor authentication.
Since they’re a Dutch company, Dutch customers can file a complaint with the Dutch Privacy Authority.

Security

Although Just Eat shows some clear positives when it comes to privacy, its security still leaves something to be desired. For instance, they don’t require an account to place an order.

This means someone only needs access to your payment or credit card information to commit fraud on the app if you don’t have an account. This is something that cybercriminals can easily achieve with credential stuffing.

Just Eat Takeaway also doesn’t offer multi-factor authentication. Even if you have an account, if you’re not able to protect it with an extra security layer, it’s still pretty easy for criminals to access it.

However, Just Eat users have suffered from their fair share of scams. Earlier in 2022, one restaurant owner ended up losing £,9000 due to fraudulent activity on his account!

Privacy

As far as privacy goes, we have to conclude that Just Eat’s privacy notice seems quite fair and transparent. Their privacy statements differ a little bit between jurisdictions, but they cut to the chase fast about the data they collect and why. For instance, within the EU, they collect and use the following information to process your order:

  • Names
  • Addresses
  • Contact details
  • Order and transaction details
  • Payment information

This information is also used to help you if you want to connect with customer service and some of this information is also used when you submit restaurant reviews. They also use your name, transaction details, and payment information in order to combat fraud.

As far as keeping your data safe, Just Eat mentions they use appropriate technical and organizational protective mechanisms. We do have to note this is a little vague. Lastly, they also offer the opportunity to opt out of receiving marketing communication.

User-friendliness

We’d say Just Eat Takeaway is sufficiently user-friendly, but can still improve on this front. We were able to test the Dutch version of the app since our office is located in the Netherlands.

We noticed that the categories are not as clearly indicated at the top of the screen as we would have liked. The app does mention some categories but these are not really highlighted.

Instead, the app jumps straight into pictures of the closest restaurants, with many of them covering the same niche. We would have liked a stronger focus on different categories of food for more variety.

On the bright side, we thought the ordering process was very straightforward. Although problematic for security reasons, the opportunity to check out as a guest does make the app a lot more user-friendly for people who just want to use the app once or twice without creating an account.

Making an account is also quite fast and straightforward. Just Eat also allows you to use your Facebook or Google account, rather than creating a new one. It’s also free to use for consumers.

Unfortunately, we do think Just Eat’s customer service is severely lacking. We checked out the British, Dutch, and Spanish versions’ customer support options and were disappointed. All versions offer some FAQs and if you can’t find the answer you’re looking for, you can fill out a contact form.

The British version does offer a live chat, which is available during work hours and from 9:00 to 13:00 on Saturday. The Spanish version also offers this, but you need to be logged in, making this option unavailable to guest users.

The Dutch version didn’t even seem to offer a live chat at all. Another positive is that the Spanish version offers a phone number users can reach.


How to Keep Your Data Safe on Food Delivery Apps

Of course, it’s important to find a food delivery app that you trust to take care of your data. However, we believe you should also take steps yourself to keep your data safe. After all, the only online entity you’re completely in control of is, well, yourself. That’s why we’ll list three important ways down below to help keep your data safe.

Infographic showing how to keep your data safe on food delivery apps

1. Use a good password manager

We believe this is the most important security measure to take to secure your food delivery app accounts. A password manager, after all, remembers your accounts’ passwords for you. This means you won’t have to use the same password for all your accounts or use dangerously simple passwords in order to remember them.

Often, a password manager can also generate strong, complex passwords that are hard to crack. Moreover, most password managers protect passwords by using powerful end-to-end encryption. This means only the person who has the master password (you) is able to see your passwords.

If you combine a strong password manager, such as 1Password or NordPass, with two-factor authentication (something not all food delivery apps support, unfortunately), it should be exceptionally difficult for hackers to get into your account. Lastly, some password managers, such as NordPass and 1Password, also offer a data breach scanner.

This scanner alerts you when your information has been compromised in a data breach and will prompt you to change your passwords. Considering the fact that plenty of food delivery apps have suffered from data breaches in the past, this is a useful security mechanism.

Get 1Password!

2. Use a good VPN

Screenshot of NordVPN home page with logo added in the corner

Using a good VPN is another important step to protecting your data. A VPN helps to anonymize your data traffic by hiding your real IP address. This increases your online privacy. Furthermore, a VPN also encrypts your data traffic, making it unreadable to unwanted interceptors. This greatly improves both your online privacy and security.

Many websites and apps these days offer more than adequate encryption to protect your data. However, it’s never a good idea to rely completely on another party’s defense systems. It’s much better to take matters, at least partly, into your own hands.

This is where a VPN’s powerful encryption comes in. It will protect your details, such as your credit card information, when placing an order, and when logging into your account, for instance. We highly recommend NordVPN if you need a reliable VPN for protecting your information online. There are other benefits of using a VPN that you should know about too.

NordVPN
Our pick
Our pick
Deal:
Only $2.99 a month for a two-year subscription with a 30-day money-back guarantee!
From
$2.99
9.3
  • Excellent protection and a large network of servers
  • Nice and pleasing application
  • No logs
Visit NordVPN

Furthermore, if you’re in a foreign country and want to use a food delivery app that you’re unfamiliar with, it’s best to use a VPN before you connect to it. A VPN protects your information, especially when you’re connected to public (unsecured) Wi-Fi networks. This becomes all the more important if you intend to pay online too.

3. Read the app’s privacy policy or a summary

Privacy policy iconWhen it comes to online privacy, it’s often a matter of how much you’re willing to give up in exchange for enjoying a certain service. Because the fact is, you’re virtually always sacrificing a degree of privacy when using modern online services such as food delivery apps.

It is no secret privacy policies are often very lengthy and complex. If this puts you off, you can also choose to consult a website like ToSDR, for instance, which contains summaries of user agreements and privacy policies of many large companies. You may want to learn more about the privacy caveats of user agreements and privacy policies.


The Bottom Line

As we’ve seen in this article, there are quite a few privacy and security issues food delivery apps can expose users to. Fortunately, there are also apps that try to protect their customers with safety features such as two-factor authentication, periodical identity identification, and transparent privacy policies.

If you stick to the safest food delivery apps and take protective measures, such as using a VPN, you have the best chance of protecting your data, without sacrificing on convenience!

How Secure Are Food Delivery Apps? — Frequently Asked Questions

Do you have a specific question about the security of food delivery apps? Have a look at our FAQ down below and see if we’ve already answered your question. If we haven’t, feel free to leave us a comment down below and we’ll get back to you as soon as possible.

Food delivery apps can have some privacy drawbacks, such as the huge amounts of data they collect and store and, in some cases the lacking security measures they implement. However, generally, if you use a good password for your account(s) (and ideally a password manager) on a food delivery app that offers two-factor authentication, your data should be quite safe.

Uber Eats has had privacy incidents in the past, most notably an incident in 2020 where the account details of almost 600 customers were found on the dark web. Nevertheless, it is one of the few food delivery apps that offer two-factor authentication. It’s one of the safest food delivery apps.

We strongly recommend using a strong password manager, such as 1Password or NordPass, to generate strong passwords for your account(s) and store them safely. We also suggest using a VPN for added security and strong encryption, no matter what app you use. Lastly and most obviously, read the privacy policy or a summary of the company you’re ordering from to make sure they do not gather any data or use this in a way that you’re not comfortable with.

Tech journalist
Nathan is an internationally trained journalist and has a special interest in the prevention of cybercrime, especially where vulnerable groups are concerned. For VPNoverview.com he conducts research in the field of cybersecurity, internet censorship, and online privacy. He also contributed to developing our rigorous VPN testing and reviewing procedures using evidence-based best practices.