迈克艾萨克的超级CEO的特拉维斯兰格尼为《纽约时报》contains an accusation that, on its face, sounds outrageous:

几个月来,先生Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineersThe reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.

但苹果是在欺骗,当先生Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr厨师准备“So, I’ve heard you’ve been breaking some of our rules,” MrCook said in his calm, Southern tone停止欺骗,先生Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.

先生兰格尼,这一刻充满了张力If Uber’s app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company’s business因此,兰格尼即位。




The idea of fooling Apple, the main distributor of Uber’s app, began in 2014.

At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resoldSome Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then acceptSince Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way.

To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.

There was one problem: Fingerprinting iPhones broke Apple’s rules. MrCook believed that wiping an iPhone should ensure that no trace of the owner’s identity remained on the device.


  1. 这个超级应用,安装时,指纹设备,和报告指纹超级的服务器,在与用户的超级帐户(所有iphone有一个唯一的设备标识符————但“范围”苹果在2012年禁止第三方应用访问它超级要么找到一种方法来访问范围偷偷地,或创建其他唯一标识设备的方式,即使他们已经擦拭要确切地知道他们所做的,但为了我的论点在这里没关系。)

  2. 这个超级应用从设备中删除和/或设备擦拭在这一点上,超级知道设备的指纹,但不能用它来跟踪设备以任何方式,他们不在乎,因为直到有人重新安装手机上的超级应用这本书不是被用于欺诈。

  3. 这个超级程序是安装在iPhone上当它启动时,它确实指纹检查和电话回家超级现在知道这是他们见过相同的iPhone,因为指纹匹配这是违反了苹果公司的隐私政策。



So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.

听起来像超级做标识和“标签”(无论)在应用程序被删除和/或设备擦拭,但我认为它可能-可能——实际上意味着仅仅是识别保存在应用程序被删除和/或设备擦拭这不是在技术上应该是可行的——iOS api UDID和甚至MAC地址停止报告惟一标识符年前,因为他们被滥用隐私入侵广告追踪,分析包,名为shitbags超级喜欢这是错误的,和苹果是正确的结束它,但这是耸人听闻的远远少于超级的前景已经能够识别和“标签”iPhone这个超级应用被删除后者的场景只有在技术上似乎可行的其他第三方应用程序执行秘密代码,这些东西通过超级的SDK,或者如果这个超级应用留下了恶意软件在应用的沙箱我不认为是这样,因为我不认为苹果会犹豫从App Store删除超级如果是用隐藏的家里打电话恶意软件感染的iphone。


  • What APIs and device info was Uber using to identify iPhones? Are these API loopholes now closed in iOS? If we don’t learn exactly what Uber was using to identify devices, we cannot know that the technique no longer worksiOS用户应该能够相信他们删除一个应用程序时,所有他们的设备之间的连接和断开连接的应用程序的开发者,擦拭设备时,一切个人识别已被删除。

  • What exactly did Apple know about Uber’s actions in this regard when Tim Cook called Kalanick in for the meeting? Was Apple aware that Uber was specifically keeping a database of unique iPhone identifiers? If so, how?

  • What prompted Apple to investigate Uber in this regard? And why did Uber suspect Apple was going to investigate, prompting them to geofence their fingerprinting so it wouldn’t trigger in Cupertino? (My theory: the Uber app was calling private APIs, and they used the geofence to avoid calling those private APIs while the app was in App Store review, assuming, perhaps incorrectly, that all App Store reviewers work in Cupertino应用商店检查可以确定应用程序调用私有api。)

  • 更新: Why didn’t Apple require Uber to disclose what they’d done as a condition for remaining in the store? Shouldn’t iPhone users who had Uber installed know about this?

(更新2: Strafach检查2014超级iOS应用程序的构建,发现它们使用私有api使用IOKit把设备从设备序列号注册表可能会有更多的,但这仅是应用商店的公然违反政策。Strafach confirms超级的技术是使用不再在iOS 10工作。)


Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice IntelligenceUsing an email digest service it owns named Unroll.me, Slice collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to UberUber used the data as a proxy for the health of Lyft’s business(Lyft, too, operates a competitive intelligence team.)

Slice confirmed that it sells anonymized data (meaning that customers’ names are not attached) based on ride receipts from Uber and Lyft, but declined to disclose who buys the information.