We learned yesterday that Tim Cook almost pulled Uber from the App Store over the way it was tracking iPhones and tricking Apple engineers. Uber had seemingly found a way to ‘fingerprint’ individual iPhones even after the app was removed, and had taken steps to try to hide this behavior from Apple – one of many questionable business practices the ride hailing firm has made in recent years.
The original NYT piece suggested that Uber was somehow able to track iPhones even after they had been erased, but well-connected John Gruber has come up with what seems like a more probable description of what the company was and wasn’t doing …
Gruber noted that what the piece appeared to suggest – that Uber was able to track iPhones even after the app was removed and the phones wiped – should be technically impossible. What is far more likely, he suggests, is that Uber found a way to fingerprint devices in a persistent way, but had no ability to access that fingerprint until the app was reinstalled.
Doing this definitely breaches Apple’s privacy requirements for apps. An analysis by Will Strafach found that the app was using private APIs to use IOKit to pull the device numbers – which is another definite no-no. But it’s not the same as being able to track phones without the app being present.
The Uber app is reinstalled on the iPhone. When it launches, it does the fingerprint check and phones home again. Uber now knows this is the same iPhone they’ve seen before, because the fingerprint matches.
As for why Uber was doing this, it appears it was an anti-fraud measure specifically geared to an issue the company had experienced in China and elsewhere.
It’s of course not the first time Uber has come under fire for its customer tracking habits, though last time the explanation did appear to be innocent.
Photo: AP Photo/Eric Risberg
