Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

After tricking govt regulators, Uber got caught breaking Apple's iOS App Store rules

Uber CEO Travis Kalanick. Source: Danny Moloshok/Reuters

Last updated

In 2014, Uber was discovered to be blocking authorities from seeing its cars in order to evade regulations or bans in a series of locations including Paris, Las Vegas, China and South Korea. The next year, Apple found out Uber was also flouting its iOS developer rules to identify users' devices by hardware ID— and nearly got kicked out of the App Store over it.

A new report by Mike Issac for New York Times profiled various high-risk gambles taken by Uber's chief executive Travis Kalanick, following up on an earlier article from March that specifically detailed the "Greyball" evasion software it created to fool authorities.

Issac noted that in early 2015, Uber was summoned to Apple's offices for violating Apple's privacy guidelines. Uber's goal had been to block fraudsters from creating multiple fake accounts on the same iPhones in order to collect new account bonuses.

However, Uber attempted to do this by collecting the UUIDs (essentially a unique hardware serial number) of iOS devices that had installed the Uber app. Apple has worked to prevent its app developers from accessing this information or collecting it.

It is not illegal to do this on Android, where there are far fewer restrictions on collecting data from or about users. In fact, Google itself facilitates device tracking on Android, and advertisers from Amazon to Facebook work to exploit the easy access Android openly offers to developers, malware writers and governments.

Once Apple found out about Uber's activity, Cook brought Kalanick into his office and reportedly stated, "So, I've heard you've been breaking some of our rules," and threatened to block Uber's app from the iOS App Store unless the company backed down. Uber heeded Apple's demands. While Uber's behavior on iOS was reported as "tracking," what it was really doing was collecting identifying hardware ID numbers

While Uber's behavior on iOS was reported as "tracking," what it was really doing was collecting identifying hardware ID numbers, so that even if a user deleted the Uber app or reformatted their device, Uber could later identify the device as having been previously used by the Uber app.

Uber never had the ability to "track" users' location or otherwise control or monitor iOS devices once the user deleted the Uber app or turned off its Location Services. On other computing platforms, it is possible for software to install secret tracking software that the end user won't know exists. This is common on Windows and Android, and can be done on Macs when users install malicious software using administrator permissions.

More privacy problems

In April 2015, Uber poached Apple lawyer Sabrina Ross to work on an internal team focusing on privacy law. Ross had worked at Apple for a little over one year. The interest in bolstering privacy lawyers appeared to be related to a dustup over Uber drivers' ability to track passengers' location for some period of time after their ride completed.

Later that summer, AppleInsider reported that the Electronic Privacy Information Center had filed a Federal Trade Commission complaint against Uber for seeking an expansion of its location tracking and and access to users' contacts.

Uber's defense was that users could disable location tracking and access to contacts on their own if they wished, but that was only true for iOS. On Android, apps commonly ask for broad access to all kinds of data and make users' approval requisite to use the app; there is no way to turn contact syncing off for the app on Android.

Facebook and other apps have similarly long grabbed broad access to Android users' data in ways that are commonly blocked on iOS because of Apple's strict "Walled Garden" App Store rules to protect users' privacy.

Apple backs Lyft's Chinese partner Didi Chuxing

A year later in May 2016, Cook announced a $1 billion investment in Lyft-aligned Chinese ridesharing service Didi Chuxing, which had been involved in intense, expensive competition with Uber to establish itself in China.

After Apple's investment, Uber decided to give up on China and sold off its Chinese business to Didi for $1 billion, as well as accepting a $1 billion investment from Didi to fund its operations outside of China.

Didi and Apple have not revealed many details about their partnership, but both companies are working on self driving vehicle projects in Silicon Valley. Didi recently hired security expert Charlie Miller away from Uber's self-driving team to lead its own security and safety development teams.

Both Didi and Uber have also hired away talent from Google's Waymo self driving car project, which subsequently sued Uber over improperly obtaining its trade secrets.