Back in 2015, Uber apparently violated Apple's privacy rules as it tried to tackle fraud, according to a report. Here are both sides of the story.
Uber, the global ride-hailing app, is known to operate in the grey area when it comes to regulations and the law. This, though, is a common pattern among most disruptive ventures trying to bring radical change to an existing industry. But Uber seems to have tested the limits to a great extreme. According to a report in The New York Times, Tim Cook, CEO of Apple, had apparently reprimanded Travis Kalanick, CEO of Uber, in early 2015 for secretly identifying and tagging iPhones even after Uber's app had been deleted and the devices erased.
While Uber was apparently using this in markets like China to serve as a fraud detection maneuver, it also violated Apple’s privacy guidelines.
According to The New York Times report, the idea of fooling Apple, which is one of Uber's main distributors of its app (apart from Google's Play Store), began in 2014.
Uber was then competing with Didi Chuxing and trying to win the Chinese market. But Uber was faced with widespread account fraud in China, where tricksters bought stolen iPhones that were erased and resold. Some Uber drivers would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request and accept rides from those phones. Since Uber was handing out incentives to drivers to take more rides, the drivers earned more money through this fraudulent activity.
To halt this, Uber engineers apparently assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” This allowed Uber to identify an iPhone and prevent itself from being fooled even after the device was erased of its contents. But 'fingerprinting' iPhones also broke Apple’s privacy rules.
To prevent detection by Apple, Kalanick had apparently told his engineers to “geofence” Apple’s headquarters in Cupertino, California, a way to digitally identify people reviewing Uber’s software in a specific location. The New York Times report noted:
Uber would then obfuscate its code for people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting.
But Apple engineers outside of Cupertino caught on to what Uber was doing, and this led to Cook calling Kalanick to Apple's headquarters and reprimanding him for his practices. According to The New York Times, Cook is known to have told Kalanick, “So, I’ve heard you’ve been breaking some of our rules.” He then told Kalanick to stop the trickery, failing which Uber’s app would be kicked out of Apple’s App Store.
YourStory reached out to Uber for comment on this incident and they responded with this statement,
We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone — over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users' accounts. Being able to recognise known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.