Uber has not had the cleanest track record for a company of its size and stature since in early 2015, Apple CEO Tim Cook threatened the company to take it off the App Store after it was found to be violating privacy rules.
Travis Kalanick, head of the Silicon Valley giant, was secretly recording data from the customer’s iPhones, even after the app would be deleted, reports New York Times.
For months, the company’s employees were directed to camouflage the app from the engineers sitting at Apple, and continue with its questionable activities. These were a direct violation of the privacy guidelines of Apple, and this prompted Cook to call for a meeting with Kalanick, where he is reported to have said,
So, I’ve heard you’ve been breaking some of our rules.Tim Cook, Apple CEO
In the early 2015 meeting, Cook told Kalanick to stop the trickery, else his app would be booted off the App Store, which would result in loosing millions of iPhone customers, a loss of revenue so major, it could easily cause the company’s downfall.
In his quest for world domination, Kalanick has played grey areas, safety regulations and legal loopholes to his advantage in expanding Uber’s ever-growing presence to almost 70 countries, at a valuation of $70 billion presently, which doesn’t seem to be slowing down anytime soon.
Three Key Highlights in the NYT Report
1. Greyballing Law Enforcement
Uber has sidestepped the authorities by using a tool called Greyball – wherein they show a fake version of the app to some people for disguising the locations of cars and drivers.
It’s essentially geo-mapping locations where they know their app would be getting reviewed by law enforcement agencies, especially in areas where the services were deemed illegal.
The New York Times had reported on this in March, and the company said it will limit the employees from using the tool against law enforcement agencies.
2. Stealing Lyft’s Data
Uber has spent a lot of time, effort and money on one-upping their rivals, especially Lyft. Devoting an entire competitive intelligence team, it bought data from an analytics service called Slice Intelligence. Slice collected the Lyft receipts of customers from their inboxes, using an email digest service it owns called Unroll.me, and sold the anonymous data to Uber.
Apart from that, it asked its employees to book and cancel Lyft rides en masse while others were encouraged to take Lyft rides to persuade the drivers to switch to Uber.
Kalanick also got wind of his main competitor, launching the ‘pool’ system, which he then incorporated into Uber, two days before Lyft was to launch it.
Unroll.me CEO published a blogpost, defending its business practices, stating that Lyft receipts given to Uber were done for it to establish competitive, counter-models.
3. Geo-Fencing Apple
Uber was handling widespread fraud in places like China in 2014. Drivers were creating new profiles, fake email addresses, and requesting dozens of rides from the phones. Since Uber works on an incentive model, the more rides a driver clocked in, the more incentives they earned.
To halt this, they attached a persistent identity to iPhones with a small piece of code, a practice termed “fingerprinting”. This is when they started fooling Apple, as Uber could identify an iPhone, and prevent it from being fooled, even after the contents of the phone were wiped.
But, this broke Apple's cardinal privacy rule – the belief that an iPhone should bear no trace of the owner once it was wiped.
So, Uber "geo-fenced" the Apple headquarters in California, digitally identifying those who would be reviewing Uber's software in a specific locations. Those in the geo-fenced location would not be able to see the code, and Apple's employees were kept in the dark about the fingerprinting.
That 2015 meeting reportedly shook the Uber chief, according to those who saw him walk out of it.
Uber Responds
After the New York Times article was published, Uber responded to TechCrunch, saying they have not flouted any privacy rules.
We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone—over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognise known bad actors when they try to get back onto our network is an important security measure for both Uber and our users
Uber said it still uses a form of fingerprinting for detecting fraudulent activities. If a device has been associated with fraud in the past, a red-flag should be raised at the time of signing up. A spokesperson for the company said they have modified their practice to comply with the Apple guidelines rather than doing away with it in totality.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)