Swarmed by bad press and unkind hashtags, has Uber finally gone too far?
If the allegations contained in a New York Times article hold water it might now be more a question of which annoyed parties will be first in the queue to answer in the affirmative.
Reportedly, Uber CEO Travis Kalanick (pictured) visited Apple’s Infinite Loop HQ in early 2015 to be told off in person by Apple chief executive Tim Cook for “secretly identifying and tagging” iPhones that had installed the Uber app in attempt to detect service fraud by the company’s drivers in China.
The tagging is described as “fingerprinting”, that is using the Uber app to plant something on the iPhone that couldn’t be erased, even potentially when the app was removed and the device refreshed to factory settings. Uber would always know it had encountered that iPhone before.
Problem one: Apple prohibits this behaviour, which is why Cook is said to have threatened to remove Uber from its app store. Problem two: Uber attempted to hide what it was doing from Apple by “geofencing” or obscuring its app code from anyone studying it from the location of within Apple’s Cupertino HQ.
Says the NYT story:
Mr Kalanick was shaken by Mr Cook’s scolding, according to a person who saw him after the meeting.
So much for Tim Cook and Apple’s ire. What about the privacy implications for iPhone users? And what about Android?
Terms like “fingerprinting” and “tracking” need careful qualification, because they are often used quite loosely. The former usually refers to ways of identifying a device, the latter to profiling a user.
Internet users are tracked in all sorts of ways, by advertisers, ISPs and app makers. However, companies are not supposed to relate this data to a real person without their explicit consent, without which it becomes a privacy concern.
On that score, Uber now says:
We absolutely do not track individual users or their location if they’ve deleted the app.
But it does still appear to track devices for anti-fraud purposes:
Being able to recognize known bad actors when they try to get back on to our network is an important security measure for both Uber and our users.
It’s not clear whether the way it does this is different than it was when Apple expressed its unhappiness in 2015. Nor does it enlighten us about Android devices, although if anti-fraud is the motivation, then not including Android would be illogical.
In a telling aside, the NYT story mentions a company called Unroll.me, a service for un-subscribing from mailing lists and newsletters. At some point, Uber started buying data from Unroll.me on how many customers of rival Lyft were ditching the app, culled from analysis of their inbox emails the company’s CEO now regrets.
While the data was anonymised, it reinforces the growing sense that when it comes to users, Silicon Valley knows few limits. Nobody was any the wiser about this – or Uber’s tagging of iPhones – until a newspaper wrote about it.
As usual, beyond the PR statements and the lawyerly T&Cs, the customers are the last to be told what is really happening on their expensive smartphones.