Travis Kalanick speaks onstage during the Vanity Fair New Establishment Summit.

Uber Tracks User Devices After Their App Gets Deleted, CEO In Trouble?

Uber CEO Travis Kalanick once drew the ire of Apple’s Chief Executive, Tim Cook. It appears that the app for the ride-hailing service has been tracking users’ devices, even after they deleted the Uber app.

A report by the New York Times stated that Kalanick met Cook once in 2015; a session the former was “dreading.” It seems that Kalanick was trying to get his employees to help him camouflage the Uber app so that Apple engineers could not identify the bold move.

But Apple had detected the violation anyway, as Cook gave Kalanick an ultimatum. They broke Apple’s rules, and getting on the bad side of the Apple exec would be the last thing they want to have on their plate right now. Cook demanded for Uber to “Stop the trickery,” lest their app be kicked out of the App Store.

Apple CEO Tim Cook speaks on stage during a product launch event on October 27, 2016 in Cupertino, California. Apple Inc. unveiled the latest iterations of its MacBook Pro line of laptops and TV app.
Tim Cook, Apple CEO [Image by Stephen Lam/Getty Images]

Uber and its CEO released a statement in defense against the allegations of terms violations. They said, in a recent response as reported by TechCrunch, that what they did was “common industry practice used to prevent fraud and account compromise.”

They added that what they did was one way of controlling an exploit that can potentially grant drivers rewards they did not actually earn. Uber rewards their drivers based on the number of rides they get. Theoretically, drivers can install the Uber app on multiple phones and get fake rides credited to their accounts.

Uber stated that this was one of the schemes they were trying to protect themselves against. By using a “device fingerprinting” technique, they could minimize the risk of fraud in busier locales like China.

On the other hand, Will Strafach, president of the Sudo Security Group, analyzed the code for the 2014 version of Uber’s app and declared that he found out how the ride-hailing app is tracking devices. The TechCrunch report mentioned above contained the technical specifics, but suffice it to say, he found protocols that were “very much forbidden.” He did add that “tracking after uninstall” was just a case of bad phrasing; what the app actually did was “tracking between reinstall/uninstall.” Yet he also implied that it changes nothing, as this kind of tracking is still forbidden by Apple.

The Uber app logo is displayed on an iPhone on August 3, 2016 in London, England.
The Uber App, alleged to have malicious code that tracked devices even after uninstalling. [Image by Carl Court/Getty Images]

What’s more, Uber “geofenced” Apple’s Cupertino headquarters so that engineers in that location would not find out about the incriminating code. However, Apple engineers in other locations found out about it anyway, which led to the discovery. This was actually what prompted Apple CEO Tim Cook to summon Kalanick to a meeting.

Uber did comply with Cook’s demands. However, the company admitted that they are still fingerprinting devices, primarily to protect themselves against fraudulent behavior. They did not discontinue fingerprinting; more like they just modified the code so that it would comply with Apple’s standards.

“We absolutely do not track individual users or their location if they’ve deleted the app,” an Uber spokesperson said. “The New York Times story noted that this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone — over and over again.”

It seems that Uber is taking steps to ensure that their app does not violate any more rules. In 2016, for example, it was reported that they have been tracking users even when the app is not in use. They responded by saying that it only tracks users about five minutes before or after a ride, to ensure a more accurate pickup location. In addition, tracking is based on user accounts, and not on devices. The user must also enable location services for it to work.

[Featured Image by Mike Windle/Getty Images]

Comments