Skip to main content

Uber violates privacy, App Store policy, violates privacy again, and it's only Tuesday

Uber has been caught egregiously violating user privacy and App Store guidelines by persisting device identifications even when the Uber app was deleted and the device wiped.

Mike Issac, writing for The New York Times:

For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple's engineers. The reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple's privacy guidelines.But Apple was on to the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. "So, I've heard you've been breaking some of our rules," Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber's app would be kicked out of Apple's App Store.

The original story used the word "tracking" which made people think Uber was persisting device location rather than device id. ID alone is still egregious though. Uber was able to do this by using private APIs, which is something expressly forbidden by Apple's terms of service. Worse, Uber deliberately tried to hide its violations by geo-fencing Apple's hometown of Cupertino, California. Unfortunately for Uber, it must have forgotten all the other Apple offices around the U.S. and the world. Something especially embarrassing for a location-based company.

See more

Uber was apparently doing it to fight abuse in China, where multiple devices were stolen, wiped, and used to fraudulently extract money from the service. Uber has every right to fight abuse but zero right to do it in a way that violates customer privacy and App Store policy.

If this were a smaller, less important company, it's hard to believe Apple wouldn't have bounced their app right out of the store.

The same New York Times article also alleges further privacy abuse, both on the part of Uber and of Slice Analytics.

Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice Intelligence. Using an email digest service it owns named Unroll.me, Slice collected its customers' emailed Lyft receipts from their inboxes and sold the anonymized data to Uber. Uber used the data as a proxy for the health of Lyft's business. (Lyft, too, operates a competitive intelligence team.)

Slice was using data from Unroll.me, a service that offered to help "clean up" inboxes in exchange for log in information that it then used to harvest user data.

This is part of the reason I no longer use a personal Gmail account and don't allow any third-party service access to my work Gmail. Data is more valuable than money. If anyone is still confused by that, just look at what unscrupulous companies are willing to do to get it.

I deleted the Uber app a while ago but this is enough to make me want to re-download it just so I can delete it again. (If it were safe to do so, of course.)

It's not just callous, short-sighted, and unintelligent behavior on the part of Uber, it's another knife in the back of drivers, many of whom are actually liked by their customers.

Just like the interface is the app to most users, the drivers are Uber to most customers, and there's not enough competition in all areas for everyone to easily switch.

No idea if Uber is engaging in similar practices on Android or similarly violating the Google Play terms of service, but how much longer, and how many more abuses, must Uber rack up before serious action starts being taken?

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

16 Comments
  • The gig economy is so groovy. Yeah, right.
  • "This is part of the reason I no longer use a personal Gmail account and don't allow any third-party service access to my work Gmail. Data is more valuable than money. If anyone is still confused by that, just look at what unscrupulous companies are willing to do to get it." You really don't like Google, huh? Lol. This really has nothing to do with Google and unroll.me explicitly states what they do and how they monetize their services in their terms and conditions. They have came out and said they will clarify the messaging but it's always been there. This is Uber and Uber alone. Apple holds some responsibility here as well for the app continuing to be available. Just seems disingenuous to spread more fear about services that have nothing to do with this as well as continue to toss mud Googles direction.
  • With Google, you are the product, which is what he doesn't like. He's not alone. I would pay good money to have an iCloud account with my domain name. That is the only thing stopping me from switching from my grandfathered Google Apps usage.
  • But you know what you're getting into. He often makes it sound like Google is malicious in what they do. They aren't. I'd be fearful if I only based my views on these articles.
  • 100% agree and Google is crystal clear about what they do with my data. Apple is very vague yet trusted implicitly. Posted via the iMore App for Android
  • For what it's worth, Google also gives you tools to not just view the data they collect on you but also to wipe most or all of it. Yes, it's painstakingly tedious but it is there. How many others can say the same thing?
  • "If Uber's app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company's business. So Mr. Kalanick acceded." Oh stop!! Sure this will essentially happen but getting the app pulled from the App Store is more of a slow death than a bullet to the head, like this guy makes it sound.
  • A company that lost billions last year would instantly lose a lot of business. On top of that, iPhone is the premium market. I cannot say which makes more, the more common Android or the more willing to pay iOS, but neither is a small market. Add to that the increase in revenue to their competitors and the difficulty to acquire future funds to burn through… you get the idea.
  • That's assuming everyone just simply deletes the app the second it's pulled from the Apple Store, in which people like me won't, and are still able to use it. I'm still able to use apps that got the boot from the App Store, but I'm gonna hate upgrading since it'll finally mean the death of those apps in my circumstances. Again, just cause an app gets pulled doesn't mean it'll stop working, unless Apple really wants to take that extra step and pull the master Switch on the app and remotely disable. Not sure if they would go that far.
  • I'm more concerned with Apple's behaviour here than Uber's, the latter being a truly despicable organisation in every aspect of their business practices. Such an egregious violation of the App Store rules should have resulted in the App being pulled (a punishment many smaller apps have been subjected to). However due to Uber's size and user base Apple aquiesced and showed that their zero tolerance policy towards privacy violations doesn't apply to everyone.
  • ^^ Bingo
  • I agree with you on principle, but users would have been ******. Lots of them who need to get to work. Warning would have needed to have been given. Uber probably had couple days to fix the issue, or else that. And that's why Cook did it in person. Otherwise the lawyers could have handled it. I still would have liked to of seen the app pulled yet left to work with a day or so notice. It still would have caused problems, but far fewer. I think they needed the slap on the wrist. Removing it forever would **** off a lot of people and make some of them switch to Android, and get tracked anyway. The market needs competition, and that would not build it. Just too many down sides, much as I hate to admit it.
  • "Lots of them who need to get to work" - Really??? How did they manage before Uber?
    Addiction to tech...really bad thing.
  • They waited longer to take buses, asked/inconvenienced friends, rented cars, and all sorts of pain in the but things. I own a car, so I don't need Uber or Lyft, but people *love* them because they are more convenient than cabs and cheaper than car rentals in my area.
  • What the **** does looking for a ride have to do with tech?? So an app on my phone makes a bit easier for me to pay some d'bag that runs red lights and drives 30-40 MPH above the speed to get me to point B. It's not the tech I'm addicted to, it's the service itself. The only thing the tech may do here is make me lazy, as I either don't wanna use my car or not in the mood for public transit. Uber's app getting pulled though can mean a huge pay day for Lyft though.
  • The best thing to come from this whole ordeal (if you even care about this which I don't. I love Uber and use it frequently), is that we just need to geofence all apple offices to override their rules. Posted via the iMore App for Android