Skip to content
Naked Security Naked Security

Apple threatened to oust Uber from App Store for ‘fingerprinting’ iPhones

Questions remain over if and how Uber still tracks devices after chief exec Kalanick was summoned to Apple for a roasting

Swarmed by bad press and unkind hashtags, has Uber finally gone too far?

If the allegations contained in a New York Times article hold water it might now be more a question of which annoyed parties will be first in the queue to answer in the affirmative.

Reportedly, Uber CEO Travis Kalanick (pictured) visited Apple’s Infinite Loop HQ in early 2015 to be told off in person by Apple chief executive Tim Cook for “secretly identifying and tagging” iPhones that had installed the Uber app in attempt to detect service fraud by the company’s drivers in China.

The tagging is described as “fingerprinting”, that is using the Uber app to plant something on the iPhone that couldn’t be erased, even potentially when the app was removed and the device refreshed to factory settings. Uber would always know it had encountered that iPhone before.

Problem one: Apple prohibits this behaviour, which is why Cook is said to have threatened to remove Uber from its app store. Problem two: Uber attempted to hide what it was doing from Apple by “geofencing” or obscuring its app code from anyone studying it from the location of within Apple’s Cupertino HQ.

Says the NYT story:

Mr Kalanick was shaken by Mr Cook’s scolding, according to a person who saw him after the meeting.

So much for Tim Cook and Apple’s ire. What about the privacy implications for iPhone users? And what about Android?

Terms like “fingerprinting” and “tracking” need careful qualification, because they are often used quite loosely. The former usually refers to ways of identifying a device, the latter to profiling a user.

Internet users are tracked in all sorts of ways, by advertisers, ISPs and app makers. However, companies are not supposed to relate this data to a real person without their explicit consent, without which it becomes a privacy concern.

On that score, Uber now says:

We absolutely do not track individual users or their location if they’ve deleted the app.

But it does still appear to track devices for anti-fraud purposes:

Being able to recognize known bad actors when they try to get back on to our network is an important security measure for both Uber and our users.

It’s not clear whether the way it does this is different than it was when Apple expressed its unhappiness in 2015. Nor does it enlighten us about Android devices, although if anti-fraud is the motivation, then not including Android would be illogical.

In a telling aside, the NYT story mentions a company called, a service for un-subscribing from mailing lists and newsletters. At some point, Uber started buying data from on how many customers of rival Lyft were ditching the app, culled from analysis of their inbox emails the company’s CEO now regrets.

While the data was anonymised, it reinforces the growing sense that when it comes to users, Silicon Valley knows few limits.  Nobody was any the wiser about this – or Uber’s tagging of iPhones – until a newspaper wrote about it.

As usual, beyond the PR statements and the lawyerly T&Cs, the customers are the last to be told what is really happening on their expensive smartphones.


I think that if I were in Tim Cook’s shoes, I would have blocked the app *first*, then called Uber’s CEO into the office for a chat. Companies who violate the privacy of their users of former users deserve to be put out of business. Profit is no excuse for underhanded behavior. It’s time people started taking a firm stand against unethical companies.


Pretty sure if they remove the Uber app a lot of people that suddenly can’t use Uber will blame Apple, as Uber can just say “Apple removed our App for our anti-fraud efforts” without even lying. In any case, not good PR for Apple. And you are only going to stop “unethical” companies if the endusers stop buying their products. However, depending on what you look at (Foxcon) you might already be guilty for promoting unethical companies, if you have an iPhone, or any Smartphone for that matter.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!