Uber Tried To Hide Its Secret IPhone Fingerprinting From Apple

theodp quotes today's New York Times profile of Uber CEO Travis Kalanick: For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple's engineers. The reason? So Apple would not find out that Uber had secretly been tracking iPhones even after its app had been deleted from the devices, violating Apple's privacy guidelines.
Uber told TechCrunch this afternoon that it still uses a form of this device fingerprinting, saying they need a way to identify those devices which committed fraud in the past -- especially in China, where Uber drivers used stolen iPhones to request dozens of rides from themselves to increase their pay rate. It's been modified to comply with Apple's rules, and "We absolutely do not track individual users or their location if they've deleted the app..." an Uber spokesperson said. "Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users."

The article offers a longer biography of Kalanick, who dropped out of UCLA in 1998 to start a peer-to-peer music-sharing service named Scour. (The service eventually declared bankruptcy after being sued for $250 billion for alleged copyright infringement.) Desperately trying to save his next company, Kalanick "took the tax dollars from employee paychecks -- which are supposed to be withheld and sent to the Internal Revenue Service," according to the Times, "and reinvested the money into the start-up, even as friends and advisers warned him the action was potentially illegal." The money eventually reached the IRS as he "staved off bankruptcy for a second time by raising another round of funding." But the article ultimately argues that Kalanick's drive to win in life "has led to a pattern of risk-taking that has put his ride-hailing company on the brink of implosion."

FTFY

"has led to a pattern of risk-taking that has put his taxi company on the brink of implosion."

There. FTFY.

Re:FTFY

[Uberbah]

Yes, the horrors of having professional drivers who make a living wage, don't have to pay for maintenance on the cars they drive, and who carry hundreds of thousands in passenger insurance as opposed to the $25,000 you can count on from your Uber driver's All State policy. Horrors, I tell you!

Re:FTFY

[gsslay]

Being, in your estimation, above other taxi companies does not change the fact that Uber is still a taxi company. Uber have obvious interests in claiming they are not a taxi company. But if you provide a service like a taxi company, in vehicles like a taxi company, with drivers like a taxi company, charging a fare like a taxi company, then there's no denying you are a taxi company. The addition of an app doesn't change that.

Uber tries to hide just about everything

[turkeydance]

there must be a Clinton angle somewhere

Re:Uber tries to hide just about everything

[PolygamousRanchKid+]

. . . they are certainly doing extremely well at hiding their profit.

They simply remember your UDID

[ugen]

The *tracking* is based on Uber saving device UDID, so that they know who you are even if you later reinstall the app and use a different account. While Uber is evil in many ways, this UDID "tracking" is not what the article makes it appear - Uber certainly cannot "track" anyone in any way once their app has been removed.
In fact, I am not sure why go to such great lengths to obtain UDID when device MAC address is readily available (and must be for variety of software to work) and globally unique.
This also smacks of those scaremongering sites that start with a banner like "Your computer is broadcasting a unique IP address" and lead to hard sell of overpriced VPN service or bs apps to "hide your IP".

Re: They simply remember your UDID

[sphealey]

= = = eah the NY times article was scaremongering and partially wrong but the 'bad' thing Uber did here was break the Apple TOS which say developers should not be fingerprinting users devices.= = =

Who would have ever thought that a company founded on the principle [sic] of breaking the law in multiple jurisdictions would ignore and circumvent the terms and conditions, to which they agreed, of an entity with which they do business. Whodathunkait.

Re:They simply remember your UDID

[santiago]

In fact, I am not sure why go to such great lengths to obtain UDID when device MAC address is readily available (and must be for variety of software to work) and globally unique.

MAC Address is no longer available since iOS 7. You can request it, but you'll get the same fake value of 02:00:00:00:00:00 on every iPhone. UDID is not available, either.

There's IDFV, the Identifier For Vendors, which is different for each vendor on the phone, and gets reset if you remove all the apps from that vendor on the phone. (That is, two apps from Google will see the same IDFV, but a different one from the one Facebook sees.)

Then there's IDFA, the Identifier for Advertisers, which the user can reset at any time via system settings, and which Apple will reject your app for if they catch you using it for anything other than ad-tracking.

The end result is that there is no longer any stable cross-app identifier that survives app uninstalls and user attempts to avoid tracking, by explicit design.

Re: They simply remember your UDID

[Motherfucking+Shit]

They're adding functionality that Apple refuses to do.

Apple refuses to do it for a valid reason, and I see Apple as the ethical winners here. If Uber is experiencing a high rate of fraud, that's a business process problem that needs to be addressed within Uber's own internal systems. Considering Uber can afford a "competitive intelligence" team that buys and crunches data about Lyft, and they can afford to develop "Greyball" deception tools to evade law enforcement, they should also be able to afford a couple of employees to build some better fraud detection into their signup process. A little less offense and a little more defense might be a rewarding strategy.

Thousands of other companies conduct business via iOS apps without resorting to breaking the rules. Uber is showing once again that they don't give a fuck about the rules, and that puts them squarely outside of the "ethical right."

Re:This article would have been nice two days ago

[rtb61]

Worried about what they are seeing you do, then let them see a whole bunch of stuff you do not do, why try to steam the flow of your privacy when you can deluge them with a flood http://www.cs.nyu.edu/trackmen... and https://adnauseam.io/. I am also thinking email games might be interesting to floor every possible channel with useless information, even all the spy vs spy stuff. Say an email game where one side plots to assassinate the president of Ameriganislav and the other plays as agents, trading emails with plots and encryption for the other side break, when side plotting the assasination and the other side trying to foil the plot a game to punish the professionally paranoid illegally spying on everyone with a flood of suggestive data to poison spy data bases, the game run from a web site.

So as many way as possible to generate false data at many, many mutliples of real data generated. A personal profile made totally meaningness and as a bonus the more you generate the more they must spend to store it. Double their data storage bill, triple it, how about increasing storage requirements hundreds of times over. Think of all the time, you are not on there internet but your computer could be, generating volumes of false empty data, hundreds of thousands of web visits you never went to, hundred of thousands of searches you never did, emails you never sent, your computer and software flooding marketers with empty data they have to pay to store.

Re:I still LOVE Uber

[quantaman]

breaking rules is fine as long as the reward exceeds the penalty.

The word you're looking for is 'capitalism'.

I guess so, though I think the real issue is that business people basically think of these laws the same way a hockey player thinks about the rules of hockey. Sure, you're not supposed to hook another player, but you're going to end up hooking sometimes because that's how the game goes, and sometimes even if you're caught the reward is big enough that it's considered a "good penalty". In this context people like Kalanick are basically hockey pests, people who succeed by their ability to skirt as close to the edge of the rules as possible.

Or perhaps they think about things like fraud, false advertising, and ripping off employees the way we think of traffic violations. You're not supposed to speed, but everyone does it to some extent.

I'm not sure what has to be done to make politicians and companies take law-breaking companies seriously, but it doesn't seem to be happening.

example

[Tom]

Uber is actually a good example of what's going wrong with the world: They are openly criminal and it works. It's Al Capone all over again. Everyone knows what they are doing, but they're too slippery to be nailed.

Same with the tax evasion of multinational cooperation, wars based on invented bullshit, election frauds done almost openly (like in Turkey), and so on.

Minority Report may have been on to something: The legal system working after the fact, and with a delay often measured in years, does not deter criminals. If you can take over a country, or become a billionaire, the threat that ten years from now they might file charges which your $1000/h lawyers will then simply drag through the courts for twenty years - well, that is not a very threatening thing especially for people trained to think primarily about next quarter.

Re:CEO needs to go

[jandersen]

The Uber CEO needs to go. He's what's keeping Uber from being great.

From what I hear about Uber, it seems they in so many ways act and think like criminals, but manage to keep just on the legal side of the law. Mostly. That said, though, they are just an extreme example of all the worst aspects of capitalism: the underhandedness, the ethos that says 'if we can get away with it, it must be OK', the lack of genuine care and consideration for their employees, customers and society, the sense of entitlement take what they want no matter what.

It is really sad, I think - there is a good kind of capitalism, where a clever, hardworking man or woman can grow a business from little more than their own abilities and determination, but the whole concept gets a grubby taint from the likes of Uber.

Re:Still better than taking the bus!

[Chrisq]

Is this Fox News or Info Wars? No, so no it isn't Trump. p.s. The fact that this site has text on it should have given it away as well.

It's Mike Pence. He's worked out that Slashdot is the one part of the internet where he can guarantee he won't end up talking to a woman.