Uber secretly tracked iPhones even after its app had been deleted; Apple CEO Tim Cook wasn’t happy

“Travis Kalanick, the chief executive of Uber, visited Apple’s headquarters in early 2015 to meet with Timothy D. Cook, who runs the iPhone maker,” Mike Isaac reports for The New York Times. “It was a session that Mr. Kalanick was dreading.”

“For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineers,” Isaac reports. “The reason? So Apple would not find out that Uber had secretly been tracking iPhones even after its app had been deleted from the devices, violating Apple’s privacy guidelines.”

“But Apple was on to the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared,” Isaac reports. “‘So, I’ve heard you’ve been breaking some of our rules,’ Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.”

“For Mr. Kalanick, the moment was fraught with tension. If Uber’s app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company’s business. So Mr. Kalanick acceded,” Isaac reports. “In a quest to build Uber into the world’s dominant ride-hailing entity, Mr. Kalanick has openly disregarded many rules and norms, backing down only when caught or cornered.”

Read more in the full article here.

“Isaac of The NYT conceded over Twitter that a number of other companies engage in similar, if not the same, practices,” Eric Lieberman reports for The Daily Caller. “‘This is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone — over and over again,’ a representative for Uber told The Daily Caller News Foundation. ‘Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.'”

Read more in the full article here.

MacDailyNews Take: Obviously a violation or violations of Apple’s App Store policies that somehow got past Apple’s reviewer(s) for inclusion in the App Store.

Isaac reports that Uber geofenced Apple’s headquarters in Cupertino to prevent Apple from reviewing Uber’s code. That worked until Apple engineers outside of Cupertino looked at Uber’s code and found the “fingerprinting” infraction. Duh.

This won’t help Uber’s well-earned reputation for sliminess.

[Thanks to MacDailyNews readers too numerous to mention individually for the heads up.]

24 Comments

    1. When you consider that some apps are tens or hundreds of thousands of lines of code, and given the volume of apps that Apple has to go through, it becomes apparent that, at best, Apple will do functionality testing and testing for access to parts of the iDevice’s memory that the app should not be looking at (or writing to). To do a full, line-by-line code check would involve many thousands of new Apple employees, all of whom would have to be expert at the various languages in which the code could be written, and that would be far too expensive for the results desired.

    2. Uber is certainly creepy. However their Chinese drivers are shamelessly exploitative about gaming the compensation model for drivers by buying stolen iPhones, and using them to summon themselves using multiple email logins to the Uber app. The persistent fingerprinting of iPhone even after complete wipe was probably intended to detect the fraudulent drivers despite factory wipe and reinstall of Uber app. Of course that doesn’t excuse Uber for the unforgivable implications on privacy of such a practice, but that may reflect an element of the rationale for its inclusion.

    1. I will never use Uber either this is an eye opener
      Question if a person used Uber and read this account
      How does one stop Uber from tracking if the application has been deleted , would a conventional clearing in Safari be enough ? Would a person need tonchange their cell number and emails
      Addresses Or worse change their iphones that is quite pricey .

  1. Geez, what’s up with these Uber guys? They have a great thing going, but if you screw over your drivers that’s going to be an issue, surely. However, screwing over your customers at this relatively early stage of things, is a real “no-no.” Why can’t they simply take their “lead” and be happy to innovate from there instead of trying to figure out ways to maximize profits and analytics?

  2. If Uber wants to block stolen credit cards and/or stolen iPhones, why not simply check the card, and keep the ID of the iPhone associated with the transaction? Any transactions returned unpaid should block that iPhone from further Uber usage until the matter is cleared up. “Fool me once, shame on you, fool me twice, shame on me.”

    1. Simple really. The reason given is bs. He’s trying to justify why they did it.

      I knew they were dodgy POS so I’m not surprised that they would try to get away with something like this.
      I have the app but have never used the service. Am not happy they would be tracking my location even though I have never hailed a car.
      App now deleted.

    1. I don’t think so. I think the CEO Uber-idiot Travis Krapnuts was humiliated far worse getting his hand stuck in the Cupertino cookie jar. Had he not considered the ramifications of getting caught? Risk vs punishment? And they usually always get caught eventually.

      In future presentations Apple & Tim Cook as punishment are not likely to include Uber as representative of that kind of transportation service and instead promote their competitors like Lift or Curb. It’s why they call it a behavioral disincentive and why most sane & responsible CEO’s don’t try to gin the game this way. (Though in general many aren’t particularly known for their honesty.)

      1. Apple promises users an expectation of privacy, that Apple is the guardian of personal data. I wouldn’t expect Uber to respect that, but I do expect Apple to.

      2. Frank,
        Why do you think Apple summoned the Uber CEO to Cupertino for a chewing out? Could it perhaps be that they were acting as guardians of our personal data?

        I haven’t trusted Uber since they:

        (1) told the City of Austin that they would not fingerprint their drivers as if they were providing public transport like bus drivers or cabbies. They are independent contractors, right? The City can just run the ID information that they provide Uber and if that SSN and DOB comes back clean, they must be safe (and not identity thieves), right?

        (2) Paid tens of thousands of dollars to force Austin to hold a referendum on rolling back the fingerprint ordinance that the city passed in response to Uber’s intransigence. Expected Austin taxpayers to pay for conducting the referendum. Paid millions of dollars in corporate money to influence the vote–more than has ever been spent in any Austin city election for mayor, council, bonds, or anything else.

        (3) Shut down all their Austin operations immediately when the local voters rejected the crude effort to buy a city ordinance, leaving their drivers and customers in the lurch.

        (4) Have spent some unknown but massive amount of money on rural legislators from areas where Uber doesn’t even operate to pass legislation that will repeal the fingerprint ordinances in Austin and Houston and remove the authority of any other local governments to regulate local transportation.

        Look up how Italian fascism operated. Sounds familiar. Planting bugs in their customer’s iPhones is just a part of Uber’s effort to replace constitutional government with kleptocracy.

    2. The app review process is a balancing act between catching bad actors and not slowing down the process with thousands of apps a month pouring in. It’s like anything else, these companies start with the terms (the laws) and they can be unscrupulous or not . . . . eventually, Apple (the cops) will get a tip or do some police work if it’s not an immediately obvious “crime.” The review process can’t possibly catch everything the first go-around, any more than every criminal act is pre-empted.

  3. This is the reason Apple has chosen to bed itself with a Chinese ride sharing company. The formerly popular American company has repeatedly acted dishonestly.

    I think I’ll check out Lyft instead.

  4. Not surprising to see from a nation that has a broken moral compass. That nation is just terrified of playing by the rules on a level playing field.

    Thank goodness for the leadership and integrity of Tim Cook one of the last symbols of hope for that nation.

    1. Give it a rest, RW. You really don’t have to slant every article about a specific company and its app store into a diatribe about the military policies of a nation you dislike.

      All nations are self-serving, that’s fundamental to the competitive world we have created for ourselves. Militarily weak nations compete using financial, innovative, educational, or ecological means to improve quality of life of its citizens. Others prefer the medieval model of saber rattling and bullying other nations with the threat of military intervention. The USA is certainly not the first to go this path, and it is definitely not in the minority.

      1. It isn’t a slant, it’s a fact, whether you like it or not.

        How this ‘company’ is still a thing is beyond me. What do they have to do to bring on regulation? Reveal the mass grave (that is hyperbole, people)? The ‘sharing economy’ has been one of the biggest scams perpetrated in recent memory. It all started with crowdsourcing becoming an acceptable practice (i.e. getting what you would formerly pay a professional for, for free, with the promise of ephemeral celebrity. The porn industry wishes they were half as clever or conniving). Is anyone at all honestly surprised by any of this?

      2. Hey Paul,

        I’d be happy to give it a rest, as soon as your nation starts acting civilized. By the way, I never mentioned anything militaristic in my post, you may want to reread it. In this instance I pointed out that the concepts of morality and ethics are severely lacking in your nation. You are the one in this case bringing up the militarily perspective.

  5. So the question is, I delete the app, how do I delete this tracking piece of software? Is it on the phone or is the iPhone serial number in their database and whenever it is on and connected to the Internet, it is tracked??

    Is it possible to file a personal lawsuit against Uber?

    1. If they are actually planting tracking software on people without their consent, I’m not at all sure why that isn’t a crime that the U.S. Justice Department, Texas Attorney General, and Travis County D.A. should be prosecuting.

      Perhaps some time in prison would give Mr. Kalinick some perspective on government by the people, rather than by and for a kleptocracy.

      1. I suspect that Über protected itself from federal prosecution by simply inserting fine print into the user agreement. These days all digital services and apps are spyware. Even Apple softwares phone home constantly

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.