Select Page
In this article, we provide insight into some of the privacy risks associated with connecting your mobile technology to rental cars. We hope to help you better understand the risk of unknowingly leaving behind personal data on your rental car’s infotainment and navigation system. We also share a few ways in which you can protect your personal data from finding its way into the hands of wrongdoers.

 

When the world returns to “normal” following this period of uncertainty, it is our hope that the travel industry will recover.

We cannot predict what the industry will look like in the new normal. However, we fully expect the car rental market to regain its momentum in the short-term as domestic travel recovers and in the long term as long-haul business and leisure travel returns to pre-pandemic levels.

 

So you’ve just picked up a rental car. What next?

Well, if you have a smartphone like many of us do, the first thing you are likely to do is to try to connect your phone to your car’s infotainment and navigation system (if it has one).

Most modern cars will have a mechanism that allows drivers to connect their mobile devices to vehicles and to enable features like hands-free calling, playing music and in some cases, mirror your phone’s screen. Drivers generally connect to these systems via a physical USB connection or by pairing their phone with the vehicle over a Bluetooth connection.

 

Connecting Your Phone to a Rental Car

You may assume that when connecting your phone to a rental car, there should be little to no risk to your personal information or privacy. However, a recent article by the Washington Post outlines just how much information can be retained on those vehicle infotainment systems.

After hacking into an infotainment system they discovered:

  • unique identifiers for previously connected phones;
  • detailed log of phone calls;
  • text messages;
  • photos; and
  • and entire contact lists including other people’s names, address, and emails.

As of this article’s publish date there have been no high-profile reports of data breaches involving rental cars that we know of. However, there is definitely an opportunity for your personal information to be collected either by the rental car company and auto manufacturer, another customer who rents the vehicle or even stolen by a hacker.

 

Personal Data in a Rental Car. Whose Responsibility is it?

Many of us when returning a rental car are likely to leave our phones paired. In fact, here’s a picture of the last rental car I used on a business trip which had phone pairings leftover from eight previous renters, and the car was relatively new with under 10,000 miles on it.

This oversight is totally understandable. In many cases, we’re returning rental cars in a hurry, leaving barely any time to wipe down our data before rushing to catch flights or trains to our next destinations.

You may assume that the car rental companies will remove this data on your behalf. However, in my experience, this is not the case as proven by my last rental.

Many rental car companies don’t even address personal data left in their vehicles within their rental car policies. Where they do, they state pretty clearly that you as the driver are responsible for unpairing and removal of data. For example, rental giant AVIS provides the following guidance in their privacy statement:

“We [AVIS] are not responsible for any data that is left in the vehicle as a result of your use.”

 

Safeguarding Your Personal Data

Given the above facts, what can you do to protect your cyberself while using a rental car? We share a couple of things to consider (ranked from least to most extreme) when connecting your phone to a rental car.

#1 – Don’t allow access to your contacts

When connecting your phone, where possible, consider blocking access to your contacts through your phone’s operating system (iOS or Android).

This could protect you from giving up personal data stored on your device while still allowing you to play music or make hands-free calls. This will, however, not stop the infotainment system from recording call information or maybe the fact that you really like a particular song and play it on repeat way too much.

The chance to block access to your contacts usually comes when you are initially pairing your devices to the infotainment system. Depending on your phone manufacturer or model, you may see a pop-up message on your phone similar to the picture below. Go ahead and click “DENY” (or the equivalent) to make sure your contacts are not ingested by the vehicle.

Similarly, if you are connecting your phone to a rental car via USB select “NO” just in case the infotainment system requests access for some reason during the process.

 

#2 – Always unpair your device

If the one rental car company policy mentioned above is an industry precedent, then from the rental car company’s perspective, it is your responsibility to clean up your personal data.

Make it a routine to leave sufficient time when returning your rental car to remove your device from the Bluetooth pairing settings. This should (no guarantees) wipe the information collected by the infotainment system from your device.

If you’re in doubt about how to do this, refer to the driver manual in the glove compartment to assist you with unpairing your device.

If you really want to learn more about fully removing data from a rental car, consider checking out privacy4cars.com (no affiliation of ours). Those guys seem to really nerd out about the subject of personal data, privacy and cars and have even built an app with step-by-step instructions on how to remove your data from many different vehicle models.

 

#3 – Opt for Apple or Android car apps over automaker’s app 

Unfortunately, we can’t tell you that this is truly the“more secure” option. However, if we’re being candid, your phone’s operating system probably already knows a lot more about you than you know, so you might as well commit.

Committing to vehicle connection apps made by app providers like Apple or Google, both of whom are likely to take security more seriously than an automaker, is probably the wiser decision.

Not only are the native phone operating system apps more likely to be secure, but apps such as Apple CarPlay and Android Auto are also meant to be a safer way to interact with your phone while driving. Driver safety is a priority after all.

 

#4 – Refrain from connecting all together

Now we know this is the least practical option. However, we did say it was the most extreme…and is the best way to limit your exposure to personal data leakage when connecting your phone to a rental car.

There was a time before hands-free connections when we all got by and it is still possible to live without the distraction of using your phone while driving your car (never a good idea even on a good day).

Who knows…you may even find this a good way to digitally disconnect and “being more present in the moment”. By removing this opportunity to interact with your phone you can focus on your driving and the (hopefully) beautiful scenery around you.

If however, this is all a bit too much for you and you do need to connect but are still concerned about your privacy, consider these equally “extreme” measures:

  • charging your phone using a 12-volt USB converter (through the old cigarette ports);
  • listening to music through 3.5-millimetre audio connectors; and
  • using a speakerphone or a dedicated hands-free headset.