Ridehailing app Uber’s phone-tracking features have come under fire before, but a new report suggests they were more extensive — and resilient — than the company let on. According to the New York Times, Uber secretly tagged iPhones even after its app had been deleted and the devices erased — a move that prompted Apple CEO Tim Cook to threaten to ban the Uber app from the iPhone App Store in 2015.
At issue was the Uber app’s use of “fingerprinting,” a method of identifying an individual iPhone after it’s been reset. Apple prohibits the practice in its developer terms of service agreement, which Uber sought to skirt by geofencing Apple’s headquarters in Cupertino, California. The offending code was obfuscated for employees within a specific geographic range, preventing them from seeing Uber’s fingerprinting.
Uber devised the method in response to widespread fraud, reportedly. According to the New York Times, Uber’s expansion into China was hampered by criminals who bought stolen iPhones, erased them and resold them, and then attached dozens of fake Uber accounts to them. Uber drivers would request and accept rides from those phones, for which they’d earn credit.
Despite Uber’s efforts, Apple engineers discovered the company’s ruse. According to The New York Times, Cook warned Uber CEO Travis Kalanick that if its ridehailing app didn’t stop tagging iPhones, it would be removed from the App Store — and lose access to millions of iPhone customers in the process. Kalanick then conceded.
“We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and wiping the phone — over and over again. Similar techniques are also used for detecting and blocking suspicious login to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our networks is an important security measure for both Uber and users.
This is not the first time Uber has been accused of tracking users’ iPhones. Late last year, the company updated its terms of service to allow the Uber app to collect location data even when it’s not being used.
And some former Uber employees used that feature to violate users’ privacy. According to a report from Reveal from The Center for Investigative Reporting, some used Uber’s “God View” — a location-tracking tool to which the company allowed broad access — to monitor the whereabouts of ex-girlfriends and celebrities, including Beyoncé.
The new allegations do further harm to the embattled company’s image. Uber has been accused of fostering a toxic corporate culture, and stands accused of mounting a program — Greyball — which it used to deceive law enforcement and evade regulators in cities where the service wasn’t welcomed by municipal authorities.