back to article Uber cloaked its spying and all it got from Apple was a slap on the wrist

Uber hid its fingerprinting of iPhone users from Apple – techniques that would have had any other app thrown out of Apple's store. Uber retained the information even after the Uber app had been deleted and the phone had been wiped. Uber CEO Travis Kalanick got a personal reprimand from Apple CEO Tim Cook, but the app stayed put …

  1. Buzzword

    Symbiotic relationship

    Uber needs Apple users, obviously; but Apple also needs Uber. If you're a regular Uber user and you suddenly find out you can no longer use the app because of some legal squabble, you'll rush out and buy the first Android phone you see.

    Once a user has converted to Android, they're unlikely to spend $969 on a new iPhone in two years' time. That's a big loss for Apple.

    1. Anonymous Coward
      Anonymous Coward

      Re: Symbiotic relationship

      I don't see that - people buying a phone just for one specific app?

      That said, I have questions for Tim Cook here as I find this news (if it is correct) extremely disappointing as Apple was doing actually rather well in matters concerning privacy - if this is correct it appears Tim Cook has undermined this by favouritism.

      Not good, and if Apple doesn't provide a proper and sane answer to this it will cause lasting damage IMHO.

      1. Anonymous Coward
        Anonymous Coward

        Re: Symbiotic relationship

        That said, I have questions for Tim Cook here as I find this news (if it is correct) extremely disappointing as Apple was doing actually rather well in matters concerning privacy - if this is correct it appears Tim Cook has undermined this by favouritism.

        Update: OK, this makes more sense better. The New York Times has more detail (I took the liberty to remove the tracking codes which, irony of irony, were inserted in the link I got off the IAPP) and it appears Cook has told him to stop it or get kicked out of the store. That's still more leeway than others have had with the App Store but it suggests Tim Cook wasn't as relaxed and accepting as suggested.

        It all fits in with Uber's approach to profit being mainly based on ignoring any laws that may get in the way. Now I know that Donald Trump has now more or less institutionalised this (and you'll find echos of his need to "win" there too), but Uber's mistake is thinking that that also applies outside the US, and I for one they get sued so deeply into the ground that their entire management chain will have to drive for Lyft for 5 years just to keep some food on the table. They make even Wall Street bankers look good. Heck, they make Trump look benign.

      2. William 3 Bronze badge

        Re: Symbiotic relationship

        Surely that depends on how much you use that app.

        Try thinking about things before spouting what YOU think how other people operate.

    2. Ian Michael Gumby
      Boffin

      @Buzzwords Re: Symbiotic relationship

      By that token its a two way street.

      1) You can still hail a cab via the App (Curb)

      2) You can still use Lyft

      3) You can figure something else out like hailing a cab the old fashion way.

      So what would happen if Uber suddenly lost 30-40% of its customers?

      Very public and issues like these won't be relegated to tech web sites but front page on half a dozen printed news papers and on the Tube.

      The other issue is which apps do you rely on?

      On my iPhone, I don't turn on location services because the ToS has it set to either be off or always on.

      Which means Uber can track you even if you're not using the app.

      I am close to removing the app altogether and just use a limo service when I need rides where I can't easily hail a cab or drive. And yes, limo services are cheaper than Uber when you factor in Uber's surge pricing.

      1. Neil Barnes Silver badge

        Re: @Buzzwords Symbiotic relationship

        >> So what would happen if Uber suddenly lost 30-40% of its customers?

        At a quick guess, I'd assume they'd just lose 30-40% less than they're currently losing.

      2. gnasher729 Silver badge

        Re: @Buzzwords Symbiotic relationship

        "On my iPhone, I don't turn on location services because the ToS has it set to either be off or always on.

        Which means Uber can track you even if you're not using the app."

        That's not how it works. Most likely, location services will just turn on GPS, which cannot be tracked. Your device might instead use phone towers or WiFi routers to determine its location, in the last case some Apple server will be asked if it knows the location of one router, this is supposedly anonymous, and it returns locations of all routers in some area, so if you walk around in your village your phone knows where all the routers are and doesn't ask Apple again.

        So if you believe Apple, then nobody can track you. If Apple is lying, then Apple can track you. In no case can Uber track you when you are not using an Uber app.

        And what Uber actually did was finding out whether you had uninstalled their app and installed it again, because apparently you could get a $20 voucher by doing this. Which they shouldn't be able to do (whatever method they used, you'd hope that Apple stopped it from working). And it's stupid, because if you buy a new phone and sell your old one, the buyer of your phone couldn't use Uber.

        1. Ian Michael Gumby
          Flame

          @Gnasher Re: @Buzzwords Symbiotic relationship

          So, you say :

          "That's not how it works. Most likely, location services will just turn on GPS, which cannot be tracked."

          I suggest you learn a little bit more about how GPS works and how location services works.

          And its AGPS or assisted GPS which uses land based Wi-Fi to help identify your position if you're not able to get enough GPS sat signals to locate your position accurately enough. Note: If you don't want anyone to use your SSID to identify your location, you just don't broadcast it. ;-)

          The point is that if location services is on and is always on, the app will wake up periodically and get the GPS location. (I would suspect that its not the GPS location but the AGPS location provided to the app by an Apple API call. Just if you want to get technical about it...) Then transmit that back to Uber. The GPS data and the unique identifier of the phone is enough to track you. The could use the app id too, but why bother since they want to know the actual phone which they do track.

          And if you want to get technical, the mobile phone company which operates the network automatically can track you based on where your phone is and is on. (Its always connected to a cell tower and because of that it can give your location to an approximate location just on that alone. ) I won't bore you with the details but within a city, your location within a .1 mile radius would be the norm, in the countryside, it would be a larger radius. Also as towers hand off your phone to the next cell tower in the network, they can track your path and give you a slightly more accurate picture of where you are.

    3. Anonymous Coward
      Anonymous Coward

      Re: Symbiotic relationship

      Pulling the app from the App Store wouldn't make it stop working on everyone's phone, it would simply stop updates and prevent new installs of the app.

      I don't think they're giving Uber in particular any special treatment here, more that they have to be more careful about removing ANY app that has millions of users, so they would do the same for any big time app like Facebook, Angry Birds, ESPN, etc.

      If some small time app no one has ever heard of with only 20,000 downloads was doing the same, pulling it from the App Store and telling them "we'll put it back when you remove the spycode, and pull it permanently if you ever try that again" is probably the right course. Sure, in an ideal world they'd do that to Uber as well, but they'd end up punishing their own userbase as much as they'd punish Uber.

      1. Vector

        Re: Symbiotic relationship

        " they'd end up punishing their own userbase as much as they'd punish Uber"

        Apple's userbase can use other ride sharing services, ones which, hopefully (possibly vain, but still), have more aboveboard and legal business models. Uber, on the other hand, needs to be seriously smacked upside the head for their continuing practice of doing whatever the fsck they want regardless of laws and ethical behavior.

        The idea that we can't punish a company operating illegally and unethically simply because some people like it is ludicrous.

      2. gnasher729 Silver badge

        Re: Symbiotic relationship

        "Pulling the app from the App Store wouldn't make it stop working on everyone's phone, it would simply stop updates and prevent new installs of the app."

        I think Apple _can_ remove apps from your phone. First, it's their OS, so they _could_ if they wanted to. But I would think that if it turns out that some app is stealing credit card numbers, and any reasonable person would say this app _should be_ deleted, then Apple can do it.

        1. Anonymous Coward
          Anonymous Coward

          Re: Symbiotic relationship

          Yes, Apple has the ability to remove apps from a user's phone, as does Google. But the bar is a lot higher than what Uber is doing before it would be exercised.

      3. gnasher729 Silver badge

        Re: Symbiotic relationship

        "Pulling the app from the App Store wouldn't make it stop working on everyone's phone, it would simply stop updates and prevent new installs of the app."

        Just saying: Apple _can_ remove an app from your phone. I don't know whether they have ever done it. I'm sure (and I hope) they would do it if an app was so dangerous to your financial health that removing it without your permission is better than leaving it there. If Uber fit into that category, it would have disappeared from your phone; apparently it didn't.

        PS. "Prevents new installs of the app" includes installs while restoring a backup of your phone. When you backup your iPhone, apps are not actually backed up, only a note that the app was installed, since obviously it can be restored from the app store when needed. So the app wouldn't be there if you bought a new phone and restored everything from your old phone.

    4. linear_

      Re: Symbiotic relationship

      Buying a whole new phone because you can't use one app?

      If I'm spending hundreds of $ on a phone, whether I can use it to order a taxi is pretty low down the list of priorities.

      1. Jared Vanderbilt

        You're not buying a second iPhone

        You're buying a $30 prepaid android from wally-world or bestbuy. I have an $8 a month prepaid Moto E2 on which I run several apps and an alternate ego that I prefer not to associate with my main line. That's $30 down and $100 per year for a quarantined sandbox to play in. If I Uber'd it would be on line 2.

        1. Anonymous Coward
          Anonymous Coward

          @Jared

          Who the heck wants to carry around two phones just to have a "sandbox" to play in. I wouldn't even if it was free!

    5. gnasher729 Silver badge

      Re: Symbiotic relationship

      Until Google decides that since Uber is apparently stealing their know-how in self driving cars, they don't want Uber on Android phones either. Yay, everyone buys Windows phones again!

  2. alain williams Silver badge

    Honesty

    seems to be considered optional by many CEOs these days. However if you, as an individual, breach their terms of service they see no problems in acting against you.

    1. Anonymous Coward
      Anonymous Coward

      Re: Honesty

      I do not think it is CEO level only. A CEO, regardless how Dilbertian cannot do all that we are seeing on his own. It takes legions of PHBs which have been cloned into CEO's image to deliver this. As well as willing accomplice engineers.

    2. Graham Cobb Silver badge

      Re: Honesty

      We need some high profile actions (probably both legal and moral -- including a few boycotts) to demonstrate to (mainly US) corporations that Terms of Service are a two-way street. I have terms of service for suppliers of services to me, and they are just as important as the ones they have for their customers.

      They include no corruption, ethical behaviour and CSR. And if you violate them I will push hard to enforce them not just by cancelling my deal with you but by spending time, effort and money in convincing others to stop doing business with you and regulators to tie your behaviour down.

      If a government department really has destroyed evidence of unethical influence from Uber then I want to see someone go to prison for the destruction of the evidence.

      1. Anonymous Coward
        Anonymous Coward

        Re: Honesty

        We need some high profile actions (probably both legal and moral -- including a few boycotts) to demonstrate to (mainly US) corporations that Terms of Service are a two-way street. I have terms of service for suppliers of services to me, and they are just as important as the ones they have for their customers.

        If the population is willing to vote for someone like Trump on the basis of promises that are in no way credible when you look at the actual facts, what makes you think the public will even realise they're taken for a ride (umm, wait, it's Uber, try "deceived"), let alone act en masse?

        The world is divided into people who use Uber and thus are quite happy to take advantage of the fact that it breaks any laws it comes across and abuses drivers (we won't mention decency, it's a US company), and people who do not use it for that exact reason and want to have it cleaned up or even closed. My hope is that it burns so fast through its cash reserves it will not just leave the investors with a smoking hole in the ground, but also prevent the f*ckwit running it from ever receiving a dime again for an idea.

        Unfortunately, the way the world is going he'll probably get a job with either Trump or Wall Street instead as he'd fit right in.

        1. Kiwi

          Re: Honesty

          The world is divided into people who use Uber and thus are quite happy to take advantage of the fact that it breaks any laws it comes across and abuses drivers (we won't mention decency, it's a US company), and people who do not use it for that exact reason and want to have it cleaned up or even closed.

          Er, no. I don't use Uber because I have my own transport. I know lots of other people who're happy with public transport or have their own, or have never even heard of Uber, who discovered other services that they use before Uber etc etc etc.

          And most people I know have not heard of the problems with Uber because that stuff is not in the mainstream news or on the social media stuff they read (ie FB may have a billion posts about how bad Uber is, but these people don't read those bits of FB so they never see them). Those who use it (and even one who drives for Uber in the proper sense, as he goes to or from work, to/from shops etc) do so blissfully unaware of the stuff we read here at El Reg. If they were sure of the problems they'd then toss up supporting the drivers by still using Uber, or hoping to support the drivers by leaving Uber (if they use Uber, drivers still get paid, if they don't use Uber drivers children maybe go hungry).

          Given their alleged practices (and I do believe these things have happened, don't get me wrong) I too would like to see them gone.

  3. Anonymous Coward
    Anonymous Coward

    Are fingerprints not public in the US

    I seem to recall that case-law in the Excited States indicates fingerprints are not private but public.

    1. Anonymous Coward
      Anonymous Coward

      Re: Are fingerprints not public in the US

      Seems sensible. I certainly don't wipe them off everything I touch.

    2. Ian Michael Gumby

      Re: Are fingerprints not public in the US

      No, they are still private.

      Fingerprints are PII, therefore those who handle them must follow PII guidelines.

      I'd love to hear of any case law that says different.

    3. Sir Sham Cad

      Re: Are fingerprints not public in the US

      I don't think they mean actual fingerprints from fingers, more a "fingerprint" as in a profile of the user (Often gets cab from this pub, Rozzer/Not Rozzer, TOS Violator/Good Mark etc...) so personal data that they held in sekrit.

      1. P. Lee

        Re: Are fingerprints not public in the US

        >I don't think they mean actual fingerprints from fingers, more a "fingerprint" as in a profile of the user

        True, but if you wipe the door handle between customers, you can probably pick up their fingerprints too.

  4. Sureo

    Rules

    Apple can enforce or ignore its rules as it wishes, whatever is in its best interest.

    1. Anonymous Coward
      Anonymous Coward

      Re: Rules

      Apple can enforce or ignore its rules as it wishes, whatever is in its best interest.

      This appears hardly in its best interest - supporting a company that (a) breaks the law as much as it can get away with it and (b) breaks the rules that Apple normally enforces on its developers. Favouritism in any form creates tiers in the otherwise fairly flat app market and is extremely dangerous to the eco system.

      1. Kristian Walsh Silver badge

        Re: Rules

        The App Store mode is not "flat". Like most things presented as a pure meritocracy, the App Store is not a level playing field. If a headline app-maker wanted to do something Apple doesn't normally allow, then they can talk directly to Apple and get an exemption, and they usually do. (Imagine what would happen if a major user-magnet like Snapchat wanted to do something not in the TOS... you think Apple would pull Snapchat off iOS? Really?)

        Doing this is in Apple's interest, if not in the interests of its other developers. iPhone sales are primarily built on the assurance that whatever app you're looking for will be in the App Store. Right now, buying an iPhone is a cast-iron guarantee of never missing out on the next big mobile service -- everything launches on iOS, and while most new offerings launch on both iOS and Android, some leave Android to their "expansion" phase. (I'm not talking about utilities or games, but the "new" service apps that are relentlessly advertised on mass-media outlets).

        If a big-name property was suddenly made unavailable on iOS, it would send a big signal to customers and potential customers that, actually, iOS owners can be left out of the loop too. That puts iOS on the same level as Android to the vast majority of customers, and that's a dangerous position to be in when your devices cost so much more.

  5. Adrian 4
    Mushroom

    Scolding ?

    Err .. isn't 'summary dismissal and police investigation' more appropriate for abuse of office ?

    Oh sorry, I forgot. It's government. That's OK then.

  6. DrXym

    RICO act

    Some of the stuff Uber has pulled comes extremely close to racketeering. I'm kind of surprised that they haven't been raided yet.

    1. Anonymous Coward
      Anonymous Coward

      Re: RICO act

      I'm kind of surprised that they haven't been raided yet.

      Couldn't get a cab, obviously :)

      1. Scroticus Canis
        Paris Hilton

        Re: RICO act - Couldn't get a cab...

        So it's still working in the states then.

    2. Anonymous Coward
      Anonymous Coward

      Re: RICO act

      "Some of the stuff Uber has pulled comes extremely close to racketeering. I'm kind of surprised that they haven't been raided yet."

      They're probably paying off the ultimate racketeers i.e. politicians. Oh sorry it's called free speech apparently.

    3. eldakka
      Holmes

      Re: RICO act

      It's never RICO!

      I mean, not literally never. But I can say with a very high level of confidence that if you're asking me, it's not RICO.

      Popehat explains RICO

      key elements:

      ...To win, a plaintiff would have to prove (1) conduct, (2) of an enterprise, (3) through a pattern, (4) of racketeering activity called "predicate acts," (5) causing injury to the plaintiff’s "business or property."...

      let's take element (3) pattern:

      A pattern is at least two acts of racketeering activity ... over a ten year period.
      Uber has only existed for 8 years, founded March 2009, therefore currently it is literally impossible for it to be committing RICO violations.

      1. the spectacularly refined chap

        Re: RICO act

        You are interpreting that incorrectly. Substitute "within" for "over" if you prefer - it doesn't change the meaning one iota. Two acts in six months would fulfill the over ten years criterion even if the entity concerned has only existed for one of those ten years.

        1. Pascal Monett Silver badge

          Re: RICO act

          Fine, but let's be honest here : if you have developed functionality to specifically lie to law enforcement agents, well I take that as an open invitation to a SWAT team and legal shutdown.

          And if I were an Evil Overlord, I very much guarantee that your days, nay your minutes, would be numbered as soon as I learned that you are actively trying to avoid the scrutiny of my enforcers.

          1. nijam Silver badge

            Re: RICO act

            > ...if you have developed functionality to specifically lie to law enforcement agents

            Not supporting Uber at all here, but isn't the functionality at least partly (or even mostly) to stop law enforcement agents lying to them, rather than just the other way round?

            1. Anonymous Coward
              Anonymous Coward

              Re: RICO act

              to stop law enforcement agents lying to them

              That may be true, and the functionality may've been included with somewhat innocent intentions (yes yes, I know still talking about Uber here...) but...

              It would be illegal. LEA are supposed to lie. It is their job, and their reason for being. To your face, to the judge in a court case, as they fabricate evidence against an innocent person who looked at their wife/daughter/son the wrong way, target someone who had the audacity to pass them perfectly legally when said LEA was dawdling, lying when they issue for the ticket for the car being unsafe in some manner (even if it was perfectly intact and safe moments before the cop arrived and, er, adjusted it with his baton).

              Cops lie, that's what they do. Anyone who tries to keep them to the truth can expect to find out just how corrupt the rest of the "justice" system is as well. You might get away with it for a while, but they will come.

        2. Tabor

          Re: RICO act

          @chap : you're correct, but I still upvoted eldakka to counter the downvote. At least (s)he looked it up, which is a rare phenomenon on teh intertubes. The "very high level of confidence" was a bit much though.

  7. Anonymous Coward
    Anonymous Coward

    So, if you break Apple's rules you're afraid of the consequences...

    ... if you break the law you're sure no one will ever trying to enforce it...

  8. Anonymous Coward
    Anonymous Coward

    Where we are now

    But which is more important to Gen Snowflake: workers' rights, corporate culture or cheap taxi rides home after a night out on credit? It's the only way these media people can afford to live in central London on what the Guardian pays them.

    1. Anonymous Coward
      Anonymous Coward

      Re: Where we are now

      And the vast majority of Londoners do work for the Gruan....

  9. Khaptain Silver badge

    Apple make money from UBER.

    UBER make money from APPLE.

    Enough said

    1. Anonymous Coward
      Anonymous Coward

      How does Apple make money from Uber?

      Care to explain for those who don't understand?

      As I see it, the App is free. AFAIK, there is no 30% payoff to Apple because you are dealing directly with the driver of the cab.

      If I am wrong then please accept my apologies.

      1. paulc

        Re: How does Apple make money from Uber?

        "because you are dealing directly with the driver of the cab."

        you may be given one route for which you are charged, but the driver gets given another route for which he is paid

        both of you get stiffed... you are charged for a longer route and he/she is paid for a shorter route...

        1. Anonymous Coward
          Anonymous Coward

          Re: How does Apple make money from Uber?

          But... how does that relate to money flowing into Apple's coffers?

          I don't see Apple profiting from Uber's underhand dealings with its drivers.

          1. katrinab Silver badge

            Re: How does Apple make money from Uber?

            If you pay via Apple Pay, then Apple get a cut. I don't know if this is possible, but some other Taxi apps do support it.

  10. viscount

    "... the unique fingerprinting persisted even after the phone was erased"

    Seriously what does that even mean?

    1. sebt
      Alien

      It's probably something like browser fingerprinting (see EFF's Panopticlick tool for more info). A combination of the OS/browser/installed info that's available to the webserver can be relatively unique.

  11. viscount

    I have come to regard Uber in the same way as I view Peter Mandelson: I don't agree with him much but I am both impressed and entertained by what he gets away with.

    1. Anonymous Coward
      Anonymous Coward

      That's quite a club. Piers Morgan belongs to that one too, although he has at least one redeeming opinion: his stance against gun laws (which got him into trouble in the US with the Gods of the gun lobby and their followers but made for some fairly spectacular interviews)..

  12. danR2

    legislation?

    If cyber-stalking and surveilling public and police officials isn't a crime, maybe federal legislators should start thinking it should be.

    1. Anonymous Coward
      Anonymous Coward

      Re: legislation?

      I think knowing where law enforcement is makes things fair. They are close to knowing where we are all the time.

      They are here to protect not control and surveille.

  13. x 7

    SPADS? =Signals Passed At Danger

  14. Tim99 Silver badge
    Gimp

    A different take

    More than a slap on the wrist from Apple according to 9to5mac.com?

    "As you might expect, however, it didn’t take long for Apple and its engineers to catch on to Uber’s tactics and the issues went straight to the top. Tim Cook called Uber CEO Travis Kalanick to come meet with him on Apple’s campus. Cook reportedly opened the meeting with a simple, “So I’ve heard you’ve been breaking some of our rules.”

    He went on to demand that Uber stop the fingerprinting and put the app back in compliance with Apple’s privacy guidelines. The consequence for refusing this demand from Cook, was that Uber would be removed from the App Store.

    For Mr. Kalanick, the moment was fraught with tension. If Uber’s app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company’s business. So Mr. Kalanick acceded."

  15. Anonymous Coward
    Anonymous Coward

    Uber is a data company

  16. allthecoolshortnamesweretaken

    Makes you wonder whether Apple has invested in Uber.

    1. gnasher729 Silver badge

      "Makes you wonder whether Apple has invested in Uber."

      Google has. Which is particularly funny since they are now suing Uber for stealing their self-driving car secrets.

  17. the Jim bloke

    There is a lot wrong with the current crop of IT exploiting businesses

    And Uber is their poster child.

    Its enough to make me wish the Microsoft kiss-of-death upon them, except they would make MS even worse before dying - and probably end up running MS.

  18. JLV

    "Honest, guv, all our rides are in Luxembourg".

    Anytime you figure Uber-dislike has peaked, it comes out that they are doing yet some other reprehensible crap to justify people hating their guts.

    Now, I know they're not, by far, at the profit-making phase of their little adventure yet. No sirree.

    But, what do you want to bet that there will be plenty of shady justifications for all of Uber's profits, when/if they arrive, being generated in Luxembourg or the like, in order to avoid tax anywhere else?

    I'll forego the joke icon because I wouldn't put it beneath them.

  19. Nathan 13

    I will never use Uber

    Not many companies I will not do business with out of principle, but Apple and Uber are 2 of them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like