Uber Breaks Apple Rules by Fingerprinting iPhones After Deletion

Our phones today are home to dozens of apps providing both entertainment and utility. Each of these apps requests permissions from the system to access certain types of data. Apple makes it easy to see what apps use which permissions through the settings page on all iOS devices. However, how can you be sure that apps are playing by the rules?

According to a recent report by the New York Times, Uber recently landed itself in more hot water when Apple uncovered efforts to circumvent the App Store’s Terms of Service. When users delete an app from their phone, that should be the final word. The Terms of Service state that app developers can no longer track or use any information to “remember” an iPhone after deletion. However, in what it claims was an effort to combat fraud, Uber undertook a widespread “fingerprinting” effort that allowed it to identify iPhones even if a user performed a complete reset.

Uber says it did this to prevent fraudsters from using fake payment details or gaming the system to earn ride credits. Apple regularly reviews apps looking for evidence of fingerprinting and other prohibited behavior.  Uber, however, employed a tactic known as “geofencing” to hide what it was doing from Apple. “Geofencing” is a method whereby the developer codes the app to appear to perform completely legitimately to anyone within the geographical area around Apple HQ.  In this way, engineers at Apple’s headquarters were unable to see any offending code or behavior. 

Unfortunately for Uber, engineers outside this area quickly uncovered the deception. Apple’s CEO summoned the head of Uber for a personal meeting, the Times reported, and threatened the company with removal from the App Store. Uber says it has since ended its practice of fingerprinting phones and further claims it never tracked user locations after deletion.

Regardless of what the ride-sharing company claims, this entire incident should serve as a warning sign for iOS users. Though Apple works vigilantly to maintain a secure ecosystem, there will always be unscrupulous developers. Users may not have been able to detect this fingerprinting on their own, but you can still turn a critical eye towards what you install on your phone. With our phones holding so much personal information, avoiding apps that don’t treat their users with respect is a good rule of thumb.