Uber Got Served for Breaking Apple’s iOS Privacy Rules
According to a profile published over the weekend by The New York Times, Uber’s Chief Executive, Travis Kalanick, was summoned back in 2015 to Apple’s headquarters by CEO, Tim Cook, on the grounds that Uber had allegedly broken Apple’s iOS privacy rules via the Uber app for iOS.
At issue was the fact that Kalanick had apparently been directing his employees to “camouflage the Uber app from Apple’s engineers,” chiefly so that they wouldn’t be able to find out Uber had secretly been identifying and tagging iPhones, even long after the Uber app was deleted and/or the handset had been erased for sale or transfer — a maneuver that’s in clear violation of Apple’s iOS privacy guidelines.
“So, I’ve heard you’ve been breaking some of our rules,” Cook said in an otherwise calm tone to Kalanick, while adding that it’s time to “Stop the trickery,” or Uber’s app would be kicked out of Apple’s App Store.
Realizing that serious tension was brewing, and that his $70 billion dollar ride-sharing empire could effectively crumble without access to Uber’s millions of iOS users, Kalanick acceded to Cook’s demands, according to the report.
What Kalanick and his employees had been doing, albeit at the expense of breaking Apple’s rules, was trying to prevent a certain type of fraud that had been popular in China at the time, whereby scammers would load up stolen credit card information on phones in an attempt to hail rides — prior to wiping the phones and repeating the process all over again, according to The Guardian.
The team at Uber, under Kalanick’s directive, had apparently inserted its own code into the Uber app for iOS, so that the software team in Cupertino wouldn’t be able to recognize the code was even there.
Of course, little did Kalanick and company know, at the time, that Apple’s software team and their app monitoring capabilities are essentially second-to-none, and they were easily caught in their sly attempt to undermine the rules.
Back in 2014, in response to the original story of Uber’s shady practices, security researcher Will Strafach discovered that the ride-sharing firm had integrated a certain string of code within its app — one that Apple, itself, uses exclusively to “pull an iPhone’s serial number out of the device’s operating system.” What Uber likely didn’t realize was that these iPhone serial numbers remain the same, even if a user completely wipes their device of all content and settings to sell or transfer usage to another account.
“This is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone – over and over again,” an Uber spokesperson said to TechCrunch in response to this story, while adding that “Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.”
Worth noting is that even if Uber’s skirting the system hadn’t been spotted by Apple, the technique employed by Kalanick’s team no longer works, and a recent iOS update blocks apps from discovering an iPhone’s serial number.
0 comments:
Post a Comment