Uber has denied any wrongdoing following reports that the mobile devices of former users were tracked even after the Uber app was deleted.
Uber has had more than a share of criticism of late. Uber CEO Travis Kalanick was recently caught engaged in a shouting match with one of his drivers, allegations of a toxic and sexist corporate environment have been made by a former engineer, and Uber’s response to President Trump’s immigration ban caused outraged users to create the #DeleteUber campaign and delete their accounts en masse.
Uber has been known to use dodgy software tricks to achieve its goals, such as in the case of the Greyball program which tweaked user apps to track cops and avoid authorities in areas where the ride-hailing service is frowned upon.
It now appears that the company has also tracked iPhone users even after the Uber app is removed from these devices.
The New York Times reports that in early 2015, Kalanick was summoned to Cook’s office after Apple engineers discovered a practice called “fingerprinting,” which is banned by Apple’s privacy requirements.
Kalanick reportedly directed his staff to use this technique as an anti-fraud measure due to problems in China, where users were registering multiple Uber accounts on stolen iPhones and booking rides. The more rides booked, the more rewards and bonuses Uber issued to drivers.
In order to mask these activities from Apple, Uber engineers geofenced Apple’s Cupertino, California headquarters which would, in theory, prevent anyone from this area from reviewing Uber’s software by obfuscating the code within this region — keeping Apple unaware of the fingerprinting taking place.
However, it was not long before Cook was made aware of Uber’s games. In the meeting, the Apple chief told Kalanick that he’d “heard you’ve been breaking some of our rules,” and the Uber CEO either adhered to app guidelines, or the software would be removed entirely from the Apple App Store.
The consequences of such a move would be severe as Uber would lose millions of iPhone users and the likelihood of being stripped of such a customer base would potentially destroy the company.
Unsurprisingly, Kalanick complied with Cook’s demand.
In a statement, an Uber spokesperson told The Verge:
“We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone –over and over again.
Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.”
Speaking to TechCrunch, Uber said that a form of device fingerprinting is still in use, but one that complies with Apple’s rules. If a device has been associated with fraud in the past, new sign-ups now raise a red flag.