After tricking govt regulators, Uber got caught breaking Apple's iOS App Store rules

Posted:
in iPhone edited June 2017
In 2014, Uber was discovered to be blocking authorities from seeing its cars in order to evade regulations or bans in a series of locations including Paris, Las Vegas, China and South Korea. The next year, Apple found out Uber was also flouting its iOS developer rules to identify users' devices by hardware ID--and nearly got kicked out of the App Store over it.


Uber CEO Travis Kalanick. Source: Danny Moloshok/Reuters


A new report by Mike Issac for New York Times profiled various high-risk gambles taken by Uber's chief executive Travis Kalanick, following up on an earlier article from March that specifically detailed the "Greyball" evasion software it created to fool authorities.

Issac noted that in early 2015, Uber was summoned to Apple's offices for violating Apple's privacy guidelines. Uber's goal had been to block fraudsters from creating multiple fake accounts on the same iPhones in order to collect new account bonuses.

However, Uber attempted to do this by collecting the UUIDs (essentially a unique hardware serial number) of iOS devices that had installed the Uber app. Apple has worked to prevent its app developers from accessing this information or collecting it.

It is not illegal to do this on Android, where there are far fewer restrictions on collecting data from or about users. In fact, Google itself facilitates device tracking on Android, and advertisers from Amazon to Facebook work to exploit the easy access Android openly offers to developers, malware writers and governments.

Once Apple found out about Uber's activity, Cook brought Kalanick into his office and reportedly stated, "So, I've heard you've been breaking some of our rules," and threatened to block Uber's app from the iOS App Store unless the company backed down. Uber heeded Apple's demands. While Uber's behavior on iOS was reported as "tracking," what it was really doing was collecting identifying hardware ID numbers

While Uber's behavior on iOS was reported as "tracking," what it was really doing was collecting identifying hardware ID numbers, so that even if a user deleted the Uber app or reformatted their device, Uber could later identify the device as having been previously used by the Uber app.

Uber never had the ability to "track" users' location or otherwise control or monitor iOS devices once the user deleted the Uber app or turned off its Location Services. On other computing platforms, it is possible for software to install secret tracking software that the end user won't know exists. This is common on Windows and Android, and can be done on Macs when users install malicious software using administrator permissions.

More privacy problems

In April 2015, Uber poached Apple lawyer Sabrina Ross to work on an internal team focusing on privacy law. Ross had worked at Apple for a little over one year. The interest in bolstering privacy lawyers appeared to be related to a dustup over Uber drivers' ability to track passengers' location for some period of time after their ride completed.

Later that summer, AppleInsider reported that the Electronic Privacy Information Center had filed a Federal Trade Commission complaint against Uber for seeking an expansion of its location tracking and and access to users' contacts.

Uber's defense was that users could disable location tracking and access to contacts on their own if they wished, but that was only true for iOS. On Android, apps commonly ask for broad access to all kinds of data and make users' approval requisite to use the app; there is no way to turn contact syncing off for the app on Android.

Facebook and other apps have similarly long grabbed broad access to Android users' data in ways that are commonly blocked on iOS because of Apple's strict "Walled Garden" App Store rules to protect users' privacy.

Apple backs Lyft's Chinese partner Didi Chuxing

A year later in May 2016, Cook announced a $1 billion investment in Lyft-aligned Chinese ridesharing service Didi Chuxing, which had been involved in intense, expensive competition with Uber to establish itself in China.

After Apple's investment, Uber decided to give up on China and sold off its Chinese business to Didi for $1 billion, as well as accepting a $1 billion investment from Didi to fund its operations outside of China.

Didi and Apple have not revealed many details about their partnership, but both companies are working on self driving vehicle projects in Silicon Valley. Didi recently hired security expert Charlie Miller away from Uber's self-driving team to lead its own security and safety development teams.

Both Didi and Uber have also hired away talent from Google's Waymo self driving car project, which subsequently sued Uber over improperly obtaining its trade secrets.
«1

Comments

  • Reply 1 of 34
    hmurchisonhmurchison Posts: 12,419member
    Proud that i've never paid Uber for anything.
    mwhitepulseimagescalifotoformatirelandbrian greenmagman1979lordjohnwhorfinpscooter63randominternetperson
  • Reply 2 of 34
    SpamSandwichSpamSandwich Posts: 33,407member
    To the author (whoever you are, I can't see your name on the mobile site):  There are several strings of sentences that are repeated. This duplication should be edited out.
  • Reply 3 of 34
    SoliSoli Posts: 10,035member
    Samsung and Google have nothing on Uber.
    hmurchisonmwhitemagman1979lostkiwiwatto_cobrastantheman
  • Reply 4 of 34
    calicali Posts: 3,494member
    Didi can't come soon enough. 
    andrewj5790watto_cobra
  • Reply 5 of 34
    qwweraqwwera Posts: 281member
    As far as their drivers and the service I've received, it's been very good. But everyone's reputation and trust come from actions. And with everything we've heard about Uber culture and deciet, I doubt I we can or should trust them.

    I feel bad for their drivers. The ones I've met have a full time job and uber on the side to make ends meet.
    watto_cobrastantheman
  • Reply 6 of 34
    sflocalsflocal Posts: 6,092member
    A classic example by Uber is to ask for forgiveness than permission.  What a scumbag company.  Lyft is a far better company to use.
    Solihmurchisonlordjohnwhorfinjahbladelinkmanpscooter63retrogustohmmwatto_cobraairnerd
  • Reply 7 of 34
    seanismorrisseanismorris Posts: 1,624member
    That's one Uber data grab...
    watto_cobraargonaut
  • Reply 8 of 34
    anomeanome Posts: 1,533member
    sflocal said:
    A classic example by Uber is to ask for forgiveness than permission.  What a scumbag company.  Lyft is a far better company to use.
    I thought it was to deny doing anything wrong, and complain that the people accusing them of wrongdoing are trying to stop innovation.
    leavingthebiggwatto_cobrastantheman
  • Reply 9 of 34
    I hate Uber because I am a German teacher and the company's name should be "Über". The is no such word as "Uber", a common German preposition.
    watto_cobraargonautddawson100BuffyzDead
  • Reply 10 of 34
    SoliSoli Posts: 10,035member
    P-DogNC said:
    I hate Uber because I am a German teacher and the company's name should be "Über". The is no such word as "Uber", a common German preposition.
    That's stupid.
    randominternetpersonairnerdjbdragon
  • Reply 11 of 34
    They're total scum. Who remembers the origin of their name dates back from the first law suit where the city of San Francisco accused them of running an unlicensed cab service? At the time they were still called... UberCab, a dead giveaway that they were totally guilty. 
    Most of their drivers commit financially and end up caught in a slave job where they must work grueling 12 hour days to turn a profit -- when all is said and done, most Uber drivers make significantly less than minimum wage per hour. It's a job for suckers, and even that is too much for Uber who can't wait to replace its slave labor with robots.
    Meanwhile, they're quite happy to pay themselves handsomely in the process. Hey, it's their right, but I refuse to patronize such a despicable company.
    watto_cobrastantheman
  • Reply 12 of 34
    NemWanNemWan Posts: 118member
    P-DogNC said:
    I hate Uber because I am a German teacher and the company's name should be "Über". The is no such word as "Uber", a common German preposition.
    http://www.slate.com/articles/life/the_good_word/2014/03/chick_fil_a_spelling_why_so_many_brand_names_have_spelling_and_punctuation.html
    pscooter63randominternetperson
  • Reply 14 of 34
    P-DogNC said:
    I hate Uber because I am a German teacher and the company's name should be "Über". The is no such word as "Uber", a common German preposition.

    I thought proper nouns were exempt from grammar?
    watto_cobrastantheman
  • Reply 15 of 34
    jblongzjblongz Posts: 165member
    Uber had to used some tactics for service in Taiwan, since it's illegal there.  Still the best experience for me, particularly abroad.
  • Reply 16 of 34
    GeorgeBMacGeorgeBMac Posts: 11,421member
    Uber's CEO apperently operates with no ethical foundation at all.   He will do whatever will get him what he wants.   If that involves breaking rules or laws or even a little treachery... Well, nothing personal, just business.... 
    stanthemanrandominternetperson
  • Reply 17 of 34
    gatorguygatorguy Posts: 24,176member
    John Gruber has an interesting post about why Uber did this and it's not for what we might assume:

    "At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way".

    "the Uber app is deleted from the device and/or device is wiped. At this point, Uber knows the fingerprint for the device, but can’t use it to track the device in any way, and they don’t care, because until someone reinstalls the Uber app on the phone it isn’t being used to book fraudulent rides.

    The Uber app is reinstalled on the iPhone. When it launches, it does the fingerprint check and phones home again. Uber now knows this is the same iPhone they’ve seen before, because the fingerprint matches."


    stantheman
  • Reply 18 of 34
    boredumbboredumb Posts: 1,418member
    So..."too big" not to be given a second chance?
    watto_cobra
  • Reply 19 of 34
    bloggerblogbloggerblog Posts: 2,462member
    P-DogNC said:
    I hate Uber because I am a German teacher and the company's name should be "Über". The is no such word as "Uber", a common German preposition.
    I remember when language experts where harshly criticizing Apple's ad campaign because they couldn't wrap their heads around Apple's "Think Different" campaign.
    But this case is different since "Uber" is used as a proper noun, which hints towards the original German word "Über".
    Besides, English teachers aren't hating on Lyft for spelling it with a "y".
    randominternetperson
  • Reply 20 of 34
    crowleycrowley Posts: 10,453member
    gatorguy said:
    John Gruber has an interesting post about why Uber did this and it's not for what we might assume:

    "At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way".

    "the Uber app is deleted from the device and/or device is wiped. At this point, Uber knows the fingerprint for the device, but can’t use it to track the device in any way, and they don’t care, because until someone reinstalls the Uber app on the phone it isn’t being used to book fraudulent rides.

    The Uber app is reinstalled on the iPhone. When it launches, it does the fingerprint check and phones home again. Uber now knows this is the same iPhone they’ve seen before, because the fingerprint matches."


    If that's true, I'd say this is a fairly benign violation.

    Nevertheless, they're a shitty company and I'd love to see them kicked from the App Store.
    watto_cobra
Sign In or Register to comment.