It was a lovely mid-afternoon, circa early 2015, when Apple almost kicked Uber out of the iOS App Store. Turns out, Uber had been “secretly identifying and tagging iPhones even after its app had been deleted and the devices erased”, according to the New York Times. And this practice of identifying iPhones with a small piece of code, called ‘fingerprinting’, was against Apple’s privacy rules.
Uber clarifies that this maneuver was only adopted in 2014 after fraudsters in China tried to trick the ride-hailing company into doling out bonuses for phantom rides. Here’s what they would do: A driver would buy a stolen iPhone which had been wiped out and put on the market again. They would then create a new account from each iPhone and request rides, which they would then accept. The more rides one driver accepted, the more rewards he was entitled to from Uber.
To break this practice, Uber started embedding iPhones with a small piece of code that would reveal the user’s identity. This was clearly against Apple’s policies which stipulated that once a user has erased all data from the iPhone, no trace of his/her identity should remain on the device.
When contacted by TechCrunch, an Uber spokesperson clarified: “We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone—over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.”
Geofencing Apple headquarters
Uber’s unethical practices didn’t just end with the privacy invasion. The company knew it would get into trouble if Apple were to discover the deception. Therefore, Uber CEO Travis Kalanick got his engineers to geofence Apple’s California headquarters. This meant that if someone inside the stipulated geographical area were to review Uber’s software, they wouldn’t be able to trace the company’s ‘fingerprinting’ because the code would be obfuscated. That didn’t stop Apple’s engineers in other locations from discovering the fraud, eventually leading to that lovely mid-afternoon when Apple CEO Tim Cook summoned Kalanick to his office.
Location privacy is a contentious issue because even though our smartphones are filled with location-aware apps, we are only beginning to understand the risks associated with continuous tracking of our whereabouts. Since the majority of us don’t even bother reading the terms of service agreement before downloading an app, we never know if an app would end up selling our location history to a third party.
And with companies like Uber around, someone would always be willing to lap up that data. The New York Times also reports that Uber purchased rival firm Lyft’s rider receipts from an analytics service called Slice Intelligence to gather intelligence on its competition.
Uber has been having a rough year, but it has nobody but itself to blame. In January more than 200k people joined #DeleteUber movement. Then the company was embroiled in an internal sexual harassment investigation after an ex-employee, Susan Fowler, wrote a blog post describing her experiences working at Uber. On top of that, as many as seven top executives have quit Uber in the past few weeks, including the VP of maps and business platform, Brian McClendon. Where does it all end?