That Story About Uber Tracking People After They Deleted The App? Yeah, That's Not Really Accurate

from the let's-try-this-again dept

Have you heard the story about how Uber was tracking ex-users even after they had deleted the app from their phone? You'd have to be living under a rock to have missed it. It came from a fascinating NY Times profile of Uber's CEO/founder Travis Kalanick and is the opening anecdote, and then it started spreading like wildfire across social media.

Travis Kalanick, the chief executive of Uber, visited Apple’s headquarters in early 2015 to meet with Timothy D. Cook, who runs the iPhone maker. It was a session that Mr. Kalanick was dreading.

For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineers. The reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.

But Apple was onto the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. “So, I’ve heard you’ve been breaking some of our rules,” Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.

This has created lots and lots of headlines all over the place, claiming that Apple kept tracking ex-Uber users after they'd deleted the app. And some even whining that Apple "let" Uber get away with this with no more than a verbal scolding. The most egregious of these is Andrew Orlowski, over at the Register, who has never found a story about a tech company he couldn't totally misreport to make the company look worse. Here, he claims: Uber cloaked its spying and all it got from Apple was a slap on the wrist. Others just claimed that Uber was "tracking users even after they deleted the app."

Except, if you actually read what the NY Times said it notes that what the company was doing was an anti-fraud detection. Did it break Apple's rules and go too far? Yes, absolutely. Was it bad? Probably. Was it tracking users who deleted the app? No, not at all. Again, there are plenty of legitimate reasons to dislike Uber or to dislike its business practices or its management. But that's no excuse to oversell a story that already looks bad. Uber clearly broke the rules and used a fairly sketchy maneuver to track phones to prevent fraud -- but that's not the same as tracking users who deleted the app. Wired has a pretty clear summary of what actually happened:

Fingerprinting, in and of itself, has plenty of non-invasive uses. Uber, for example, deployed it to help prevent fraud. Being able to identify when a device reinstalls a particular app helps developers spot phones that are, say, bouncing around the black market. In Uber’s case, fingerprinting kept drivers, especially those in China, from gaming a promotion that rewarded them for maximizing ride volume. The company discovered that some drivers were buying stolen phones, creating dummy Uber accounts, and using those phones to call for rides.

When someone uninstalls an app that uses fingerprinting, it leaves behind a small piece of code that can be used as an identifier if the app is ever reinstalled on the device. For the iOS App Store, Apple originally permitted developers to keep track of their users over time using a broad Unique Device Identifier (UDID). Beginning with iOS 5, though, Apple scaled this back, because of the potential privacy implications of giving developers permission to individually ID users even after their app had been uninstalled. Instead, Apple turned to more limited mechanisms, like advertising IDs and vendor IDs. These still give developers the ability to do fraud defense, but with less leeway for potential privacy abuse.

Uber took it one step further, which is to say, one step too far, using application program interfaces designed to access data like an iPhone’s device registry and Apple-assigned serial number.

Again: this is not excusing what Uber did. It clearly broke Apple's rules, and using this kind of fingerprinting can have some problematic consequences for privacy. And, yes, because everything Uber does seems to come included with some secondary component that makes even reasonable actions look bad, the company geofenced Apple's headquarters to try to try to hide the fact that it was doing this. That seems like a pretty blatant admission that the company knew it was breaking Apple's rules. It just doesn't mean that the company was tracking you after you deleted its app.

I certainly understand that there's a long list of actions by Uber that make people not trust the company. And that's completely valid. But if you're going to attack the company, it should be for the bad actions that the company actually did, rather than the exaggerated and misleading descriptions that start spreading across social media.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: deleted, fraud, press coverage, tracking, travis kalanick
Companies: apple, uber


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • This comment has been flagged by the community. Click here to show it
    identicon
    Kevin Horner, 25 Apr 2017 @ 10:57am

    CLickbait

    I used ot wonder why people didn't like you, Mike... but you're losing your mind. Get some help, please.
    "But if you're going to attack the company, it should be for the bad actions that the company actually did, rather than the exaggerated and misleading descriptions that start spreading across social media."

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 11:11am

    "Non-invasive"

    Fingerprinting, in and of itself, has plenty of non-invasive uses. Uber, for example, deployed it to help prevent fraud.

    The actions are invasive or not, regardless of the reason behind them. It doesn't matter whether they prevented fraud. That might justify some invasiveness but doesn't nullify it.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 25 Apr 2017 @ 11:29am

    What the company (should) provide is actually beneficial for everybody and has one hell of a disruptive potential. But the way Uber has been behaving isn't helping the cause. Sadly.

    So, who are we gonna lock up for the fake news spreading around? (just to remind how bad these fake news laws would be)

    link to this | view in chronology ]

  • identicon
    John Cressman, 25 Apr 2017 @ 11:35am

    I don't quite understand

    It seems more of a semantic argument. When they say "track" what they really mean is "keep track of" and it's not the USERS but the PHONE ITSELF that they are "keeping track of" via fingerprinting, which was against Apple's ToS and therefore most users assume that it was not being done, therefore it violated their privacy.

    But as you pointed out, there are many reasons to dislike them.

    link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 25 Apr 2017 @ 11:54am

      Re: I don't quite understand

      It seems more of a semantic argument. When they say "track" what they really mean is "keep track of" and it's not the USERS but the PHONE ITSELF that they are "keeping track of" via fingerprinting, which was against Apple's ToS and therefore most users assume that it was not being done, therefore it violated their privacy.

      I think it goes beyond the semantic argument. There's a wide canyon of difference between "Uber was spying on ex-users" and "Uber had an anti-fraud technique that made sure people weren't gaming their system by deleting the app and reloading it." One looks a lot worse than the other.

      But as you pointed out, there are many reasons to dislike them.

      Yup. And thus it's completely fair to argue the company deserves no benefit of the doubt. But, silly me, I like to focus on a company's actual actions, rather than the hyped up versions that take things out of context. I understand the anti-fraud argument, though the company should have found a way to do that without violating Apple's ToS.

      But the story here should just be Uber's anti-fraud efforts violated Apple's terms, not that it was "tracking users after they deleted the app" which sounds much worse.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2017 @ 12:04pm

        Re: Re: I don't quite understand

        You're using the phrase anti-fraud as a euphemism for tracking users after they deleted the app, which according to reports is what happened. Or are you ok with this type of surveillance just because it was directed at people who's actions meet Uber's idea of potentially fraudulous?

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Apr 2017 @ 12:15pm

          Re: Re: Re: I don't quite understand

          Well, if I understand it correctly, it would only matter if they deleted and then reinstalled the app, and the only thing it would track would be that it was previously installed on that phone. It's pretty limited "tracking".

          On the other hand, if I was Apple, I'd ban them forever. Not for tracking users, but for geofencing Apple HQ. That's not something done accidentally.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Apr 2017 @ 12:31pm

            Re: Re: Re: Re: I don't quite understand

            "It's pretty limited "tracking"."

            Yet you concede it is tracking and thus factual.

            link to this | view in chronology ]

            • icon
              orbitalinsertion (profile), 25 Apr 2017 @ 6:26pm

              Re: Re: Re: Re: Re: I don't quite understand

              It bears no resemblance to what people generally mean when they refer to "tracking", so attempting to reduce it to such is misleading at best.

              It also does not "track users after they have uninstalled the app". That is what we call "a lie".

              If they reinstall the app, does the system know the app had been installed and uninstalled before? Yup.

              So the images of Uber surreptitiously installing a glowing red ball up the noses of users who are simply trying to get their asses to Mars are wholly fictional.

              link to this | view in chronology ]

            • icon
              PaulT (profile), 26 Apr 2017 @ 1:11am

              Re: Re: Re: Re: Re: I don't quite understand

              I think that if your argument depends on arguing over which specific definition of the word "track" makes this look unacceptable over the ones that make it look OK, then the argument is pretty weak to begin with. I mean, come on, most programs in Windows leave remnants of themselves on your PC that can be picked up by a reinstall. Does that mean every developer is tracking your PC? If so, why is Uber singled out for attacks? If not, what's the difference?

              Uber seem to have a lot of other issues worth attacking them for without delving into this kind of pettiness.

              link to this | view in chronology ]

      • identicon
        Keith Milner, 25 Apr 2017 @ 12:10pm

        Re: Re: I don't quite understand

        Words are important. Words can be used to lie in subtle ways

        When articles use the words "track" or "tracking" in this context, it is a lie. It could be argued (semantically) that "track" has multiple meanings. However, in this case "track" was deliberately chosen to mislead because, to most people, being told they are "being tracked" implies their location is being reported.

        The article writers in The Register, The Verge, and other websites know that most people will not full read and understand the article to know that, in this case "track" doesn't mean what they think it does. They know that most people will go away believing it is far worse than it is.

        THAT is why it's lie, even though the semantic meaning isn't strictly untrue. It's a lie because the intent of the authors was to deceive.

        It's a bit like when Microsoft accused Google of "Reading" your gmail, which implies actual people snooping through the contents of your inbox. The reality is it means automated scanning (pretty essential for search, antivirus, etc.) which Microsoft's own email services have done for far longer than Gmail has been about.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Apr 2017 @ 1:41pm

          Re: Re: Re: I don't quite understand

          "However, in this case "track" was deliberately chosen to mislead because, to most people, being told they are "being tracked" implies their location is being reported."

          You're clouded by your own bias. There is nothing false in the reporting.

          link to this | view in chronology ]

          • icon
            PaulT (profile), 26 Apr 2017 @ 1:11am

            Re: Re: Re: Re: I don't quite understand

            "There is nothing false in the reporting"

            This would be the point where you explain why...

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 26 Apr 2017 @ 5:41am

              Re: Re: Re: Re: Re: I don't quite understand

              Physical location tracking is mentioned nowhere in the OP or source articles. It only exists as an implication put forward by commenters here. People are creating an implication based on perceived bias against Uber where none exists.

              link to this | view in chronology ]

              • icon
                PaulT (profile), 26 Apr 2017 @ 5:57am

                Re: Re: Re: Re: Re: Re: I don't quite understand

                "It only exists as an implication put forward by commenters here"

                ...and pretty much everywhere else if you read the comments there and the opinions stated. But we're wrong here for pointing out the implication that's led to people jumping to the conclusion that it's about location. Got it.

                link to this | view in chronology ]

          • identicon
            Keith Milner, 26 Apr 2017 @ 9:25am

            Re: Re: Re: Re: I don't quite understand

            And you aren't being clouded by yours?

            Yes, the phrasing is technically correct, if you look at it coldly and semantically.

            But what is the intent? Do you really believe that these writers, when they used the word "tracking" used it to inform and that there was no intent to mislead their readers into believing this is worse than it is, and to cause outrage based on this?

            If you believe that then I have a bridge to sell you.

            I should point out I'm not defending Uber here: even if it's not as terrible as most people assume, it still was pretty dreadful.

            I'm attacking bad, click-bait journalism that values misleading articles and shock tactics over reporting of the facts. And I get the impression that the author of the article above is too.

            Cheers,

            Keith

            link to this | view in chronology ]

        • identicon
          Chuck, 26 Apr 2017 @ 9:47am

          Re: Re: Re: I don't quite understand

          This isn't tracking, but there's also not a really great word to describe it. Metaphor time!

          Let's say you had a friend who has a bad habit of borrowing your stuff and not bringing it back, but he's still your friend.

          Now, let's say one day he asks if he can borrow your baseball glove. Knowing the odds you'll ever see this glove again are not great, you take an invisible marker pen - the kind that can only be seen by YOUR OWN super-special blacklight - and write a simple "x" on the back of the glove. You lend your friend the glove.

          Years later, you're over at your friend's house, and notice the glove. You remind him that you loaned it to him, and you'd like to have it back. Your friend claims that he got that glove from someone else.

          Now you tell him you wrote an invisible X on the glove, whip out your blacklight, and show him the X. You get your glove back.

          That's what this is. It's a simple marker that "hey, this phone used to have the Uber app installed" that ONLY the Uber app can read. Yes, technically, someone ELSE could check the phone. They might see a strange little piece of code sitting there - code that means absolutely nothing to them - and with that knowledge, they could do what, exactly? Nothing, that's what.

          Like many things related to privacy, this is a case of "privacy for privacy's sake." There is NO way to abuse this. Much like the video game development game which, instead of DRM, punishes you with rampant piracy in-game if you pirate the game itself (or a half-dozen other examples here on TechDirt) this is a problem for the user ONLY if said user is abusing Uber's app in the first place.

          Nothing to see here, guys. Move along.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 11:40am

    Let's remember Uber's idea of "fraud" includes regulators trying to do their job.

    link to this | view in chronology ]

    • icon
      PaulT (profile), 26 Apr 2017 @ 1:13am

      Re:

      So, you attack Uber for having their own definition of the word "fraud" that may be misleading, but deny that the use of the word "track" can be done in misleading ways so that you can attack TD for pointing that out? Interesting tactic.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 11:47am

    Uber's history has shown it cares nothing of the law, rules, or common decency. Intonating that we should view these claims of "pursuing fraud" as legitimate is a joke. Uber only cares about making as much money as possible, devoid of ethics or morality.

    It's a shame to see writers stoop to this level to defend corporate surveillance and misconduct.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2017 @ 11:53am

      Re:

      Try reading again, slowly.

      "Again: this is not excusing what Uber did. It clearly broke Apple's rules, and using this kind of fingerprinting can have some problematic consequences for privacy. And, yes, because everything Uber does seems to come included with some secondary component that makes even reasonable actions look bad, the company geofenced Apple's headquarters to try to try to hide the fact that it was doing this. That seems like a pretty blatant admission that the company knew it was breaking Apple's rules. It just doesn't mean that the company was tracking you after you deleted its app."

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Apr 2017 @ 11:57am

        Re: Re:

        I don't understand this meme to imply that commenters didn't read the post. If you have a legitimate counterpoint, make it.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 25 Apr 2017 @ 12:22pm

          Re: Re: Re:

          I don't understand this meme to imply that commenters didn't read the post.

          I cannot speak for the previous AC, but it would appear that you did not read the post.

          If you have a legitimate counterpoint, make it.

          I cannot speak for the previous AC, but my counterpoint would be: what exactly in this article do you consider to be "defending corporate surveillance and misconduct"? IMHO, the article is saying "please be accurate in your attacks on corporate surveillance and misconduct".

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Apr 2017 @ 12:39pm

            Re: Re: Re: Re:

            > what exactly in this article do you consider to be "defending corporate surveillance and misconduct"?

            The claim that Uber's anti-fraud efforts were not user tracking. Whatever the purported motivations for tracking, it's still tracking. Uber did collect "data like an iPhone’s device registry and Apple-assigned serial number." They used that unique data to re-identify users.

            link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2017 @ 12:43pm

      Re:

      Gotta pay the bills somehow. It seems Masnick has chosen the "defend corporations at all times" approach to monetizing.

      link to this | view in chronology ]

      • icon
        orbitalinsertion (profile), 25 Apr 2017 @ 7:15pm

        Re: Re:

        *snort*

        link to this | view in chronology ]

      • icon
        PaulT (profile), 26 Apr 2017 @ 1:16am

        Re: Re:

        I'm sure you'll keep this impression next time he criticises a **AA member corporation or an ISP/cable company? Right?

        Call Mike whatever you want, but he seems to have a lot more consistency in his views than the AC brigade.

        link to this | view in chronology ]

  • identicon
    Max, 25 Apr 2017 @ 12:23pm

    Unrelated to this particular issue, it seems that lately mr. Orlowski's sole raison d'etre at the Register is to churn out vitriolic rants as damning as possible on any one of his many pet peeves (mainly Wikipedia, Uber or "freetards"), regardless of the actual news that prompts the latest missive.

    I don't think he realizes the amount of damage he and his blind "crusade" alone does to a news outfit already heading in a rather questionable direction...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 12:24pm

    At least they can delete their Uber app. My non-rooted Android (LG + AT&T) Only lets me "disable" the bloatware lile Uber, Twitter, etc.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 12:34pm

    Advertising Tracking ID

    What's amusing about people getting so upset about this is that Apple already has an unique ID that advertisers can use to ID devices. The catch is that it can be turned off (or reset) whenever the user wants so obviously it wouldn't be any use to Uber. But I bet 9/10 people don't even know about it and have it turned on.

    link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 25 Apr 2017 @ 1:47pm

    I am outraged and will never use Uber again!

    Until the next time I need a cheap, fast and convenient ride.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Apr 2017 @ 3:52pm

      Re: I am outraged and will never use Uber again!

      Is Uber the only option where you live?

      link to this | view in chronology ]

      • icon
        PaulT (profile), 26 Apr 2017 @ 1:17am

        Re: Re: I am outraged and will never use Uber again!

        In some places, they are, at least if you want the "cheap, fast and convenient" parts to be true. The reason why they were so disruptive to begin with is that traditional taxi services were often none of these.

        link to this | view in chronology ]

  • icon
    David (profile), 25 Apr 2017 @ 4:11pm

    Two news sources that are suspect.

    Sort of the usual suspects of news in my experience.

    The Register of course, some of their coverage is good, but they do seem revel in their bad apples. Who knows, maybe they are only click focused?

    As to the NYT they have a dingy reputation regarding tech, IMO/experience. They routinely have 'deep' articles on tech issue (the trouble with normally) and while they are biased as expected they also base some of their original viewpoint on a misreading of vital data. As in, nobody in tech thinks that it means what they do. Also they like to use old, and I mean up to a decade old, facts to base their tech industry bashing on.

    Of course, the Register takes the prize in this particular misrepresentation of reporting.

    link to this | view in chronology ]

    • icon
      PaulT (profile), 26 Apr 2017 @ 1:21am

      Re: Two news sources that are suspect.

      The Register are essentially a tabloid that occasionally does some decent journalism. But their biases are often very clear and their editing style often suspect (Andrew Orlowski particularly used to be notorious for writing trollish articles with obvious lies and comments turned off so people couldn't correct the bullshit). They can be trusted to write interesting articles, but the underlying facts and the spin should always be questioned.

      NYT are relatively respectable, but they're not particularly tech focused, and so are perhaps a little more easily misled.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Apr 2017 @ 7:06pm

    *looks over comments arguing over implications of tracking* Nope... Not touching that one...

    Though I must ask. Normal computers (i.e. Laptops and Desktops, What is traditionally thought of as a computer in the mind of a user.) have loads of software that do this exact thing all the time, so why is this suddenly an outcry when it comes to mobile phones?

    A bit hypocritical, don't you think? People will accept it on their computer, but not their phone?

    link to this | view in chronology ]

    • icon
      orbitalinsertion (profile), 25 Apr 2017 @ 7:19pm

      Re:

      Yes. I suppose it may come down to a mere feeling that they could conceivably scrub their general-purpose OS if they ever cared to bother, but phones are a bit more locked up. (Potential rationale for some. Most probably just like their moral outrage every morning regardless of whether it is true or not or if they would ever have cared otherwise.)

      link to this | view in chronology ]

  • identicon
    Wendy Cockcroft, 26 Apr 2017 @ 6:00am

    Attack for the right reasons

    But if you're going to attack the company, it should be for the bad actions that the company actually did, rather than the exaggerated and misleading descriptions that start spreading across social media.

    I'm becoming of the opinion that the exaggerated and misleading descriptions are created by people who don't believe that the actual actions are all that bad. If I'm right, that's a problem. It means that the people creating and broadcasting the exaggerations and misleading descriptions don't trust people to make their own minds up.

    This is the problem I have with paternalistic authoritarians. They don't know what's best for us. While I'm on the subject, how does that hack Orlowski still have a job?

    link to this | view in chronology ]

    • icon
      PaulT (profile), 26 Apr 2017 @ 6:28am

      Re: Attack for the right reasons

      "While I'm on the subject, how does that hack Orlowski still have a job?"

      I asked myself that numerous times in years past, but then I checked here:

      https://www.theregister.co.uk/about/company/contact/

      According to a Google search, "Executive Editor" basically means he's the boss, sadly. I still go there occasionally, but I back out when I spot his name. Usually not hard, his posts tend to be the ones with comments disabled so that nobody can correct him.

      link to this | view in chronology ]

  • icon
    amoshias (profile), 27 Apr 2017 @ 9:44am

    I understand why you gave this the headline you did.

    I think a more accurate one would be "Shady shit done by company that has been constantly in trouble for doing really shady shit is not quite as shady as previously reported" but that's just not nearly as catchy.

    I mean... do you see why people (myself included) wonder whether your reporting about Uber is fully neutral? There are probably a half-dozen news stories a day that get a major tech item wrong. And most of them involve something more significant than a downgrade from "shady" to "less shady." But you chose this one. And at its absolute best interpretation, this story still shows Uber doing the thing that is most problematic about Uber - Uber breaking rules/regulations and doing whatever it wants. I'm not saying the correction isn't real - it clearly is - but... so what?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.