Uber secretly identified and tagged iPhones even after its app had been deleted and the devices erased

Originally published at: http://boingboing.net/2017/04/23/uber-secretly-identified-and-t.html


Given everything we know about Uber’s corporate culture and actions, inside and out: of course they did.

At this point I’m just hoping they crash and burn fast enough that the taste of this, and Tesla’s dumb idea of releasing half working auto-drive, will have washed out by the time Google releases an actually safe, functional self driving car.


Isn’t this actionable under stalking laws?


I don’t know about the US but here it is a criminal offence under the Misuse of Computers Act. Why aren’t they being prosecuted?


Suprised, considering BoingBoing’s general bent on these things, you didn’t also excerpt the later section that includes them buying anonymized email data from email digest companies like Unroll.me, and analyzing them for Lyft receipts to try and gauge how Lyft’s business was doing. Basically, buying the contents of people’s email accounts just to try and get a leg-up on the competition.


They spent much of their energy one-upping rivals like Lyft. Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice Intelligence. Using an email digest service it owns named Unroll.me, Slice collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to Uber. Uber used the data as a proxy for the health of Lyft’s business.


That was an awfully long read, just to get to the last two paragraphs where it’s finally revealed why they would want to.


Oh well, they clean out your old trash, and sell it. Nothing wrong with that, right?


Shocking, not really…


Egomaniacs like Kalanick think they are the grizzly bear, but it appears that Cook just showed him who’s the real apex of their habitat. Unfortunately, I doubt his reaction to this episode will grant him much pause for reflection on his place in this world. If he keeps this up tho? He won’t have time for much else.


The Google lawsuit shows that he’s a slow learner in that area.



More like Fubar!


Uber wasn’t doing this to android users for some reason?

I’m a little concerned that they were able to get away with this for months… an app not being completely deleted when a user deletes it is pretty major to me


Uber gets device IDs on Android phones too.

However, they don’t need to try to hide getting it because there isn’t a prohibition against getting it. They just ask the user for permission while installing the app.

They even seem to explicitly say they’re getting it on their website: https://www.uber.com/legal/other/android-permissions/

The app is completely deleted. What Uber was doing is creating a device-specific unique identifier and sending it to their server - something Apple forbids.

There are actually valid reasons for why they may have wanted it - specifically Uber referral scams where you invite yourself to Uber, uninstall the app and reinstall it to get free credit. By ensuring the device ID hasn’t previously signed up, you could prevent this.


Which is even explained in the article.
For all the shitty things they have done and continue to do this is one I’d actually give them a pass on.
Same with the anonymized Lyft stats as some effort has been made to ensure it’s not actually violating anyone’s privacy. No different than seeing how long the line is at a competing restaurant or how many of the previous page URLs coming into your website are from a competitor.
In this entire article there was nothing actually bad. (IKR? Fucking amazing being as it’s Uber an all!)

1 Like

Having been involved in customer support for similar deals with other companies, I don’t see this as a valid reason. The stance of Microsoft and other companies is to say, “meh, give them the credit.”

1 Like

Except that the difference here is that Uber referral bonuses are in the hundreds or even thousands of dollars. One cannot merely shrug off duplicate promos of this magnitude as a cost of doing business. Uber was essentially tracking felony-level fraud by its drivers.

So? It’s not that I don’t see why they would want to do this, but I don’t think that should give them the right to decide they get to violate Apple’s privacy rules.

There are plenty of legal and technical alternatives they could have used, and if nothing else worked, the could just discontinue, devalue, or restrict the promotions in the regions where fraud was a problem. The rest of the world is under no obligation to make sure their business model works.


Does anyone know where I can read more on the precise Objective C code we are talking about here? Because I’m feeling very on the fence about this, like it is the media accidentally making a mountain out of a molehill because it happens to fit in to the narrative of “TK will push all boundaries”. (Of course, the thing about geofencing Apple HQ is just ridiculous. Like how better to ineffectively prevent discovery and also tacitly admit that you were knowingly violating the rules?)

The mountains are there to see. Uber has clearly earned most of the negative attention it is getting. As an IT guy, just wondering what the precise dimensions of this molehill are…


1 Like

You don’t know the volumes behind the credits I was talking about either, yet that was the policy.

1 Like

Kalanick is certainly at least a notch below where he wants to be; and at least a couple short of Cook; but it is worth keeping in mind that, despite Cook theoretically holding all the cards, he got off with nothing more than a vaguely stern talking to. Apple certainly doesn’t mind kicking people out of the app store when it suits them; but they didn’t.

Given that he is somewhere between ‘shameless’ and ‘actively thrives on conflict’, I doubt the telling-off hurt his little feelings; and he suffered no consequences. That’s what victory looks like.