Uber used cyber spying techniques on iPhone users, hid it from Apple - report
Uber allegedly used a technique known as persistent digital fingerprinting on Apple devices in 2014 and 2015 which allowed the transportation tech company to track iPhones even after the app had been uninstalled or the device was wiped entirely.
“We absolutely do not track individual users or their location if they’ve deleted the app… Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users,” an Uber spokesperson told Business Insider in a statement.
According to an exposé about Kalanick published in the New York Times, Uber’s reasoning behind the digital fingerprinting was to fight fraudulent claims by drivers who hoped to take advantage of the company’s bonus scheme.
Unscrupulous Uber drivers around the world would use stolen iPhones that had been wiped of their digital information to set up dummy email accounts, and thus dummy Uber accounts, and create multiple fake rides to earn more bonuses.
The persistent ID tags helped combat such practices but were in direct breach of Apple’s terms of service which are aimed at protecting consumer privacy.
In order to subvert Apple’s engineers, Uber then created a fake version of their app’s code which did not contain the persistent ID tag. The fake code would display any time a person at the physical address of Apple’s headquarters attempted to view it, in a technique known as ‘geofencing.’
The limitations of Uber’s geofencing strategy soon became apparent, as Apple engineers located anywhere other than the headquarters in Cupertino, California could clearly see the suspicious code, and soon raised the alarm with Apple’s top brass, including Tim Cook.
The tactics were so egregious that Apple CEO Tim Cook summoned Kalanick to his office and threatened removing Uber's app from Apple’s App Store if he did not end the practice immediately.
Uber is already known for employing digital smoke and mirrors throughout its history, however.
The VTOS (Violation of Terms Of Service) program was created by Uber to subvert authorities in areas around the world where Uber was resisted or outright banned.
In particular, the Greyball tool was developed to identify, track and deceive authorities who attempted to use the app in an attempt to expose Uber’s operations in prohibited areas. Greyball would identify such targets and then send them phantom cars on the app that never arrived in the real world.
Uber is also embroiled in a lawsuit which alleges that an Uber engineer stole 14,000 files from Google’s self-driving car program.