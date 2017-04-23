Uber Tried To Hide Its Secret IPhone Fingerprinting From Apple (cnbc.com) 24
theodp quotes today's New York Times profile of Uber CEO Travis Kalanick: For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple's engineers. The reason? So Apple would not find out that Uber had secretly been tracking iPhones even after its app had been deleted from the devices, violating Apple's privacy guidelines.
Uber told TechCrunch this afternoon that it still uses a form of this device fingerprinting, saying they need a way to identify those devices which committed fraud in the past -- especially in China, where Uber drivers used stolen iPhones to request dozens of rides from themselves to increase their pay rate. It's been modified to comply with Apple's rules, and "We absolutely do not track individual users or their location if they've deleted the app..." an Uber spokesperson said. "Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users."
The article offers a longer biography of Kalanick, who dropped out of UCLA in 1998 to start a peer-to-peer music-sharing service named Scour. (The service eventually declared bankruptcy after being sued for $250 billion for alleged copyright infringement.) Desperately trying to save his next company, Kalanick "took the tax dollars from employee paychecks -- which are supposed to be withheld and sent to the Internal Revenue Service," according to the Times, "and reinvested the money into the start-up, even as friends and advisers warned him the action was potentially illegal." The money eventually reached the IRS as he "staved off bankruptcy for a second time by raising another round of funding." But the article ultimately argues that Kalanick's drive to win in life "has led to a pattern of risk-taking that has put his ride-hailing company on the brink of implosion."
I was checking price on an Uber and installed the app for the first time. I ended up using a regular car service because the price differential wasn't enough to overcome the "who knows who is coming to pick me up" issue. So now my phone is fingerprinted, great.
You don't already assume your smartphone is being fingerprinted and tracked?! That's the first thing anyone using such a device should assume.
what is it with black people and the bus stop?
It's a convenient way to avoid people like you.
Well, Larry Ellison is a bastard. So was Steve Jobs. Being a bastard surely doesn't make you successful, but it probably helps some times. I'm guessing the trick is knowing when not to be yourself.
"has led to a pattern of risk-taking that has put his taxi company on the brink of implosion."
There. FTFY.
. . . they are certainly doing extremely well at hiding their profit.
Really? I was going to say that hearing Uber is doing something unethical is like hearing that Trump is doing something that contracts a promise he previously made -- not newsworthy anymore.
The *tracking* is based on Uber saving device UDID, so that they know who you are even if you later reinstall the app and use a different account. While Uber is evil in many ways, this UDID "tracking" is not what the article makes it appear - Uber certainly cannot "track" anyone in any way once their app has been removed.
In fact, I am not sure why go to such great lengths to obtain UDID when device MAC address is readily available (and must be for variety of software to work) and globally unique.
This also s
Does iOS make the actual MAC address readily available to the application layer?
Knowing Apple I would have thought the MAC address would be abstracted, with iOS providing apps access to the TCP/IP stack a lot closer to the top. I haven't programmed an iOS app though so I wouldn't know for sure.
Yeah the NY times article was scaremongering and partially wrong but the 'bad' thing Uber did here was break the Apple TOS which say developers should not be fingerprinting users devices.
You're supposed to be able to install an app, uninstall it and then the next time you install the same app the company has no idea it is a second installation.
Apple have tried to give each app a new unique udid, unlike the old days of iOS where everyone read the same UDID