Uber tracked former users even after they deleted the app from their iPhones, a practice that eventually earned CEO Travis Kalanick a scolding from Apple chief executive Tim Cook, the New York Times reports. Uber is pushing back on the allegations, saying that the tracking is a common industry practice used to prevent fraud and account compromise.
Uber allegedly used a practice called fingerprinting to track devices after the app was deleted. Uber reportedly began fingerprinting iPhones as a fraud-prevention method in locations like China. Drivers there would register multiple Uber accounts on stolen iPhones and use them to request rides, thereby boosting the number of overall rides — a metric that Uber rewards with bonuses.
In order to prevent Apple engineers from discovering the fingerprinting, Uber allegedly geofenced Apple’s Cupertino headquarters to hide the code used in the process. But Apple engineers based in other offices discovered the trick, according to the New York Times, leading Cook to summon Kalanick to his office in early 2015.
Cook reportedly told Kalanick, “I’ve heard you’ve been breaking some of our rules,” and threatened to yank Uber from the App Store if it didn’t stop tracking iPhone customers. Kalanick reportedly complied.
However, Uber told TechCrunch that it still uses a form of device fingerprinting in order to detect fraudulent behavior. If a device has been associated with fraud in the past, a new sign-up from that device should raise a red flag, an Uber spokesperson said. Uber suggested that the practice of fingerprinting was modified to comply with Apple’s rules rather than discontinued altogether.
“We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone—over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users,” an Uber spokesperson said.
The New York Times also reports that Uber purchased Lyft rider receipts from an intelligence firm. The company partnered with a firm called Slice Intelligence to do research on Lyft customers. Uber reportedly purchased Lyft users’ ride receipts from Slice, which the company accumulates through an email digest service it owns, in order to study its competitor’s business.
In late 2016, nearly two years after Kalanick’s sit-down with Cook, an update to Uber’s app allowed the company to begin tracking its customers’ locations even when they aren’t using the app. Uber said that it would only track users for five minutes after they begin or end a ride in order to ensure a more accurate pickup location and a safe exit from the vehicle after the ride. This tracking relies on user consent — an Uber customer has to enable location services for the app — and is in line with Apple’s developer rules.
The new reports of privacy-infringing practices come on the heels of allegations of sexual harassment at Uber and in the midst of a trade secret lawsuit brought against the company by Waymo, the self-driving car unit owned by Alphabet. Kalanick has admitted he needs leadership help and is reportedly seeking a chief operating officer to help balance his hard-charging leadership style. An independent report on Uber’s workplace culture, prompted by the sexual harassment claims, is expected at the end of May.
Featured Image: Getty Images