>Travis Kalanick, the chief executive of Uber, visited Apple’s headquarters in early 2015 to meet with Timothy D. Cook, who runs the iPhone maker. It was a session that Mr. Kalanick was dreading.
>For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineers. The reason? So Apple would not find out that Uber had secretly been tracking iPhones even after its app had been deleted from the devices, violating Apple’s privacy guidelines.
>But Apple was on to the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. “So, I’ve heard you’ve been breaking some of our rules,” Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.
>For Mr. Kalanick, the moment was fraught with tension. If Uber’s app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company’s business. So Mr. Kalanick acceded.
>Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks Fuck this combo.
Ryan Hall
Uber tracking users even after the app has been deleted from the device? How is that possible?
Jordan Campbell
>yo dawg i've heard you like botnets
Nathaniel Flores
>uber tracking and not underlying intel
Robert Bennett
How it would have went if the Android bosses called him in
>I heard you've been tracking users even after Uber is closed >Yeah, I have >Good job, but cut us in on that data >No problem
Ian Perez
>The idea of fooling Apple, the main distributor of Uber’s app, began in 2014.
>At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way.
>To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.
>There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device.
>So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location. Uber would then obfuscate its code from people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting.
>The ruse did not last. Apple engineers outside of Cupertino caught on to Uber’s methods, prompting Mr. Cook to call Mr. Kalanick to his office.
Jason Scott
Seems more like an issue with Apple not actually erasing the data like they claimed and Uber taking advantage of Apple's lazy/deceptive practices.
Ian Moore
Isn't it that Uber were fingerprinting iPhones and storing that data on their servers? Then they made sure the people working at Apple in Cupertino couldn't see that part of the source.
Owen Collins
Sounds more like they don't store the data on the phone itself. They just send the UID of the phone to Uber's server, tie it to an user account and keep track if the same UID appears with a different account.
Grayson Taylor
Uber was remotely fingerprinting iPhones and blocking Apple engineers in Cupertino from seeing it happen in the app's code. It had nothing to do with the data on the device itself.
Blake Ward
>using uber
Charles Morris
Is this the level of reading comprehension the American education system produces?
Luke Wood
Clearly didn't pay enough tuition.
Bentley Morris
How the fuck can it track the phone if the app is deleted?
Joseph Reyes
So Apple is leaving persistent identification information on erased phones, Uber copied that information and used it to check to see if people were erasing phones and making new accounts to exploit Uber's promotional offer.
Again why is Apple leaving persistent information on an erased phone? "Mr. Cook believed that wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device." But clearly that practice doesn't work and do what is claimed.
How can software track an erased phone unless the phones carry over identifiable information? This is 100% Apple for whatever reason leaving information on the phone that makes it easy to identify phones.
Either Apple need to actually blank the phones, or they need to stop non system functions from reading the identifiable information Apple leaves on phones that have been wiped, even while claiming that wiped phones leave no trace.
Still not the fault of Uber. This is Apple attacking someone that found they were lying to their customers, investors and possibly government/law enforcement.
Carter Hall
>Again why is Apple leaving persistent information on an erased phone? Probably because the phones don't suddenly change hardware.
Nicholas Reyes
What should they do, change the phone's serial number every wipe?
David Wright
Most app developers store your device serial numbers, IMEI, etc., moron.
Nolan Garcia
Holy fuck you're retarded.
Kayden Hall
Not when the app is deleted.
Dominic Lopez
They can if they just upload the data to their server. See: Uber.
Jacob Martinez
Why does the phone need a hardware serial number? Why is that low level information accessible to 3rd party software?
How does unique identifiable information work when Apple says that "wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device"?
Tyler Cox
Yes and that's against Apple's TOS which is why this news exists
Adam Anderson
WhatsApp does the same, dipshit.
Angel Wright
>Why does the phone need a hardware serial number? Warranty information, information on date and time of manufacture, information on device specifications. >Why is that low level information accessible to 3rd party software? Fuck if I know.
Austin Flores
Substantiate your claims
The issue isn't that the Apps have access to the data and they're using it, the issue is that Apple doesn't allow you to store it after app deletion. Uber knew this and hid the code.
Bentley Stewart
>Warranty information, information on date and time of manufacture, information on device specifications.
You can have all the information in a non unique non identifying set of data.
The warranty information is the only point that becomes an issue, but in the 10s of thinking I have reasonable method to still protect the hardware even if it can't be uniquely identified.
Josiah Moore
>The issue isn't that the Apps have access to the data and they're using it, the issue is that Apple doesn't allow you to store it after app deletion. No the issue is that Apply says wiping removes all trace of the owner's identity, when in fact it doesn't. They are lying if they claim wiping removes identity. They can't say well it works but only if you don't record the identifying information.
Samuel Ortiz
>You can have all the information in a non unique non identifying set of data. >The warranty information is the only point that becomes an issue Congrats, you are retarded.
Noah Bennett
Why did Uber hide the code?
Juan Gutierrez
>According to an internal slide deck on driver income levels viewed by The New York Times, Uber considered Lyft and McDonald’s its main competition for attracting new drivers. >McDonald's
Nicholas King
>Why did Uber hide the code? Because Apple would react badly to having their lies exposed.
Dylan Long
You are confusing the issue
Fingerprinting isn't a problem
>There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure customers that no trace of the owner’s identity remained on the device.
Wiping an iPhone to ensure no trace of the owner's identity remains INCLUDES the assumption that when apps are deleted, all of your fingerprinting information is deleted too.
Uber wasn't deleting the fingerprint information, and were hiding the code from Apple.
Nathaniel Johnson
People who are too poor to afford Apple devices will do everything in their power to try and bash Apple. It is truly a sad sight to behold.
Gavin Smith
Fingerprintimg is not about owner's identity but about the iphone's identity itself. If Uber gets multiple accounts coming from one device then the driver is cheating. It is identifying the device. And unless Apple removes stuff like MAC addresses or some other ID, it will be easy to do.
Justin Ortiz
That's fine, but storing it after the app is gone isn't.
Grayson Peterson
>They can't say well it works but only if you don't record the identifying information. Apple lied.
The issue isn't that it's against some software platform rule, it's that Apple lied about what wiping does. When Uber exploited their lie to protect their business Apple was forced to admit that what they had claimed happens doesn't.
Further and again, why can user software access this hardware information without hardware level hacks?
Brody Bell
Because they were breaking the terms of service for the App Store and they very well knew it.
James Scott
You're misunderstanding
Apple isn't telling people that wiping the device removes the ability to identify the device, they are saying that that's what they want to happen (because when apps are wiped then the fingerprint data must also be wiped as per Apple's terms). Uber was messing that up by storing the fingerprint data even after the app was gone.
No one is claiming all of your hardware IDs and various other numbers are wiped when you factory reset.
Charles Williams
>Apple lied. Do you work for Uber since you are somehow blaming Apple when Uber broke the rules and then tried to hide the fact that they broke rules with a fucking geofence?
Gavin Cox
Are we seriously arguing with a retard who doesn't understand how a server can have access to a client device's MAC address?
Dominic Collins
>And unless Apple removes stuff like MAC addresses or some other ID, it will be easy to do. They use random MAC addresses on iOS 8.
The device only broadcasts a random MAC address to access points and peer devices that it's not connected to. Otherwise, if you connect to your Starbucks's Wi-Fi, it can track you.
Sebastian Flores
>No one is claiming all of your hardware IDs and various other numbers are wiped when you factory reset. Or that they use numbers are not identifying.
So Apple can't honestly claim that a wipe removes all personally identifying information. And depending on a license agreement to get that is stupid.
Why even bother to do any wiping if you can use say in your agreement that you can't store any identifying information after the user says stop?
Look it's full proof you just said they can't store the info so their is no possible way to match someone after they press the 'wipe' button because the license says so.
Answer my question why does Apple allow user software to access hardware identifiers?
Chase Jones
>caring about privacy
What do you have to hide?
Jack Young
Uber doesn't store anything in the phone. Hardware has IDs.
Bentley Adams
That's good and all but I'm sure it's not the only id stored in the phone.
Will you claim that it is impossible to change a MAC address by software. That it is not well within the possibility of Apple to register 'forgotten' addresses that are discarded on wipe and reissue a new random MAC address from a pool of addresses Apple uses and to put that forgotten address into the pool of random addresses?
Ethan Hill
>Answer my question why does Apple allow user software to access hardware identifiers?
Because it's not against their terms to identify the phone when the app is installed.
Benjamin Lopez
What need does Apple have for a unique hardware identifier when they could use a range identifier and offer their customers real privacy?
Nathan Gonzalez
That's the issue. They shouldn't have any. But if Uber is doing it, then it means it is possible.
Both are in the wrong here.
Camden Robinson
>So Apple can't honestly claim that a wipe removes all personally identifying information. Phone serial number is not personally identifying. It just identifies the same device. However, if I write down your name and your IMEI on the same piece of paper, I can know what device is yours even after you wipe the device.
Nathan Ramirez
>Both are in the wrong here. No, Uber is in the wrong here for not playing by the rules.
Matthew Miller
>Because it's not against their terms to identify the phone when the app is installed. But to depend on their license means that when a user uses the wipe option their is zero way to tell if you actually get a phone with no past user history and no way for Apple to tell either.
If they want to ID the phone, then while the software is installed they can use an internal software ID tag that is removed when the app is removed. Their is no justifiable reason to give hardware ID to end user software.
Jace Anderson
>no way for Apple to tell either.
This is your addition
Hudson Long
Stop posting
Brandon Barnes
Why was your phone used by a terrorist? We know it was your phone because it has this serial number. You need to tell us how your phone got into the hands of a terrorist.
~
The services you use normally identify you to your phone. As that phone has identifying information each time that phone is wiped then used a new user profile is built that identifies the user. This creates a chain of personal information.
Xavier Diaz
this fuck uber
Joseph Rodriguez
>We know it was your phone because it has this serial number. How do you know who owns the serial number? >You need to tell us how your phone got into the hands of a terrorist. You can sell an iPhone or just have one stolen.
Nicholas Parker
>This is your addition How can Apple know what data is remotely stored or deleted by 3rd party actors?
They can't as explained by this story where Apple suspected something but had to check to try and figure it out. They had no built in way to check. Even now they have no way to check if the remote storage is deleted or not directly. Only by checking if a device reacts in a manner consistent with remote data storage can they suspect that data isn't being deleted.
Connor Richardson
You know piracy and other online crime lawsuits are frequently dismissed when the plaintiff fails to establish a definitive connection between the defendant and the originating IP address, right?
Austin Gonzalez
>How can Apple know what data is remotely stored or deleted by 3rd party actors?
They can review the apps. I don't know exactly what this entails
>So Mr. Kalanick told his engineers to “geofence” Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location.
Thomas White
Apple is in the wrong for allowing others to not play by the rules. We are talking security here. You can't just expect third parties to simply play by the rule.
Ryan Peterson
Right, here's your fix: remove the App Store.
Joseph Barnes
The answer to your question and statement is basic police/counter terrorism investigation.
Aiden James
Wouldn't it be better if your phone wasn't uniquely identified by hardware?
And that by wiping it you ended up with no traceable connection to the last user?
Thomas Lewis
>Wouldn't it be better if your phone wasn't uniquely identified by hardware? And that you have no warranty?
Xavier Williams
Extended warranties are generally non transferable.
Joshua Moore
Uber uses HWID to prevent free ride abuse. The HWID is saved on their server and if you attempt to get a free ride after wiping/uninstalling/whatever it cross checks it with their servers and then denies you.
How Apple probably found out >apple engineer used free ride from geofenced Apple hq to his home >tries from another location, it doesn't work >only works from Apple hq >this lead to a series of detective work on various unique identifiers >how do they know who I am if we have a policy of deleting user data upon uninstall? >oh wait they aren't deleting it
Ian Scott
Think about it like this. Uber got caught because it is a massive important company. If they can do it for their app, then any other app can be done as well and probably would not have gotten caught if they were smaller. There is no privacy online, ever.
Logan Williams
Can anybody explain how exactly Uber works? You call for a Uber taxi, then the rider pays Uber and Uber pays the rider a small chunk? How does have multiple phones make you more money? All that means is that multiple fake riders will just have to pay Uber more, it should be a net loss if Uber takes their cut before giving it to the driver.
Jacob Turner
New driver incentive + free ride = free money
Idk how stolen iPhone comes into the picture though. Android phones can be had for as little as $25 and all the identifiers are easily changed.
