Support NeoGAF

[giga]

NYT exposé on Uber's CEO shady practices:
https://www.nytimes.com/2017/04/23/...c=rss&smid=tw-nytimes&smtyp=cur&_r=1&referer=

SAN FRANCISCO — Travis Kalanick, the chief executive of Uber, visited Apple's headquarters in early 2015 to meet with Timothy D. Cook, who runs the iPhone maker. It was a session that Mr. Kalanick was dreading.

For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple's engineers. The reason? So Apple would not find out that Uber had secretly been tracking iPhones even after its app had been deleted from the devices, violating Apple's privacy guidelines.

But Apple was on to the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. ”So, I've heard you've been breaking some of our rules," Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber's app would be kicked out of Apple's App Store.

For Mr. Kalanick, the moment was fraught with tension. If Uber's app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company's business. So Mr. Kalanick acceded.

More details:

At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way.

To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called ”fingerprinting." Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.

There was one problem: Fingerprinting iPhones broke Apple's rules. Mr. Cook believed that wiping an iPhone should ensure customers that no trace of the owner's identity remained on the device.

So Mr. Kalanick told his engineers to ”geofence" Apple's headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber's software in a specific location. Uber would then obfuscate its code from people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber's fingerprinting.

The ruse did not last. Apple engineers outside of Cupertino caught on to Uber's methods, prompting Mr. Cook to call Mr. Kalanick to his office.

Mr. Kalanick was shaken by Mr. Cook's scolding, according to a person who saw him after the meeting.

 

[shira]

begun the app wars have

 

[BronsonLee]

'Bitch I fuckin' caught you'

 

[The Real Abed]

Good on Apple.

 

[smokeandmirrors]

Man FUCK uber.

 

[shoelacer]

Man, uber are a really scummy company. Cook should have booted them. Too late now.

 

[Mimosa97]

Kalanick is the next Ted Faro.

 

[AstroNut325]

Really respect Apple's attention to privacy.

I really need to stop giving money to Uber.

 

[Xando]

Kalanick in Tim Cooks office

 

[old manatee]

Uber seriously needs to be burned to the ground. It's incredible how corrupt it is considering it's just a simple ride service.

 

[metalslimer]

Haha good. Ubers business is awful and they have no leverage in this situation. Cook should have banned them for a few months to send a message.

 

[dc89]

Tim got em told.

 

[RS4-]

Fuck Uber

 

[entremet]

Travis Kalanick is a creep.

 

[Majine]

Weird if Apple is so pissed at Uber considering they have been featured heavily in Apple keynotes, and I'm talking after 2015 too.

 

[Wanda/Wander]

 

[faceless007]

Should have just revoked the app and publicly stated why to prove their stance on privacy. Also I'm disappointed that (as far as the article says, though maybe it just wasn't reported) they didn't make Uber delete their collection of fingerprint info.

 

[Enco]

So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location. Uber would then obfuscate its code from people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting.

What a bunch of fucking snakes.

 

[kingocfs]

Wow. Never using them again.

 

[Funkyhamster]

So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location. Uber would then obfuscate its code from people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting.

I'm confused by this bit. What mechanism were the Apple employees using to look at the code? If source code is submitted to the App Store when publishing an app, it would be impossible for Uber to impose controls over who can access it, and if the Apple employees were looking at the binaries downloaded onto an iPhone, why wasn't Uber already using those obfuscation techniques everywhere already?

Maybe the article is using imprecise terminology since it's written for a general audience. The geofencing would make sense if Apple was inspecting network traffic out of the Uber app -- the app could choose to not send fingerprints if it was running inside the Cupertino headquarters.

 

[Very Berry Sunday]

if Uber is a bad company, then what ride service should I use instead?

 

[HStallion]

Kalanick is the next Ted Faro.

Here is an idea. Let's make our cars not only self driving but self replicating and they can consume biomass as a fuel source in emergencies. What's the worst that could happen?

 

[echoshifting]

if Uber is a bad company, then what ride service should I use instead?

Lyft

 

[Stencil]

Should have just revoked the app and publicly stated why to prove their stance on privacy. Also I'm disappointed that (as far as the article says, though maybe it just wasn't reported) they didn't make Uber delete their collection of fingerprint info.

Would have been an effective way to publicize this shady practice. I feel like a lot of my peers who use the app will never hear of this shady practice due to their lack of tech industry knowledge.

 

[BigAT]

But it seems like Apple took no actual action except to scold him? Seems like there should be some sort of punitive response to such shitty behavior.

 

[infiniteloop]

Don't see how uner can track the phone after the app has been deleted? While installed, sure.

 

[Vuze]

Don't see how uner can track the phone after the app has been deleted? While installed, sure.

I guess when the new owner decides to install uber again.

 

[RedNalgene]

Wow. As far as I'm concerned this is the nail in the coffin for me. I was contemplating deleting their app already but this is pushing me over the edge. What a bunch of scumbags.

 

[Lagspike_exe]

Cook was actually quite cool here. If he was more of a shady kind, he could use this to racketeer Uber for large sums in order not to kick him out legally.

 

[tiredheadcrab]

Damn Apple doesn't fuck around with the privacy of its customers. Good on them. It's a good reason to choose iOS.

 

[Pharaun]

Tim Cook is nicer than I am. I would have removed the Uber from the app store and then asked Kalanick to come over and explain why it should be reinstated.

 

[Koppai]

Lyft

Lyft and Uber usually aren't available in the same places these days.

 

[commedieu]

I once defended uber. I feel so stupid now. Deleted it a while back. But it's like they stoop to new lows of decency every hour.

 

[jon bones]

yeah i'm switching to lyft

 

[crisdecuba]

He should have kicked them out altogether or kicked them out for a month or something. This isnt even a slap on the wrist.

 

[Camper Van Beethoven]

He should have kicked them out altogether or kicked them out for a month or something. This isnt even a slap on the wrist.

99% of customers would look negatively at Apple for doing it.

 

[Socivol]

Kalanick is the next Ted Faro.

Lol! Uber is such a trash company. They treat the customers and drivers like shit I don't understand why anybody (with an alternative) uses it.

 

[Mimosa97]

Here is an idea. Let's make our cars not only self driving but self replicating and they can consume biomass as a fuel source in emergencies. What's the worst that could happen?

Don't give them ideas you fool !

Spoiler

But I want my self driving car so bad

 

[dkeane]

Wow, fuck uber. Glad I've stopped using them

 

[RoKKeR]

What a shitty company.

Have a lot of respect for Tim Cook.

 

[metalslimer]

He should have kicked them out altogether or kicked them out for a month or something. This isnt even a slap on the wrist.

I agree but as a CEO of Apple he has immense power in that he can destroy entire businesses if he wants to. While he wants to protect privacy Uber doesn't have competition in many places and iPhone users would be left with no app if he just got rid of it

I wish Lyft would come back to Houston so I could drop Uber

 

[UnemployedVillain]

Lyft and Uber usually aren't available in the same places these days.

Since when? If you live in a major city this definitely isn't the case, unless Uber has already been kicked out

 

[Chittagong]

Should have publicly booted Uber for a month. Can't believe what a shitty company they are.

 

[tokkun]

Would have been an effective way to publicize this shady practice. I feel like a lot of my peers who use the app will never hear of this shady practice due to their lack of tech industry knowledge.

I doubt most people really care if Uber could determine whether a phone had previously been used to redeem an Uber offer. The story here isn't really about Uber screwing customers, but rather it being another piece (along with the other stories) showing how deep Uber's lack of scruples went.

Don't see how uner can track the phone after the app has been deleted? While installed, sure.

It didn't actively track the phone with the app uninstalled. When you installed the app, it took a fingerprint of your phone based on the hardware, then that fingerprint gets stored on Uber's servers. Since the hardware stays the same, it will always generate the same fingerprint. Therefore Uber can determine if a phone has previously installed their app by comparing its fingerprint against their database, even if you've done a factory reset.

Microsoft does something similar with your PC when you install Windows. It's the reason why you sometimes need to reactivate Windows when you change some of the hardware, like your motherboard - because the hardware fingerprint has changed.

 

[Hubbl3]

Don't see how uner can track the phone after the app has been deleted? While installed, sure.

It says they tried to hide what their app was doing and that Tim Cook accused them of breaking some of Apple's rules regarding apps, so maybe they had some kind of daemon that ran independent form the actual app that stayed on your phone

Edit: Nevermind, I see what it was now

 

[kmfdmpig]

It's obvious that they knew they were doing something unethical, which is why they took such measures to block those in Apple's area from detecting it. That reminds me of Volkswagen's emissions issue.

 

[Zackat]

Kalanick is the next Ted Faro.

oh damn

 

[Vilix]

I love Tim Cook. My privacy is very important. That's why I stick with Apple.

 

[KingV]

Uber seriously needs to be burned to the ground. It's incredible how corrupt it is considering it's just a simple ride service.

Yeah, this was a final straw. I just deleted it.

 

[Tadaima]

I don't really see the big deal here. It seems that Uber was basically storing a mac address or equivalent (similar to an IP address, but linked to your device rather than your network) to prevent fraud.

Uber is not tracking you; the server simply checks if you have already signed up when unauthenticated. This is against Apple's rules for various reasons (portability when upgrading to a new model of phone, used phone sales, etc), but it makes business sense for Uber to be checking that each device is indeed unique.

It seems that most of the replies in this thread aren't well-researched.