迈克艾萨克的超级CEO的特拉维斯兰格尼为《纽约时报》contains an accusation that, on its face, sounds outrageous:
几个月来,先生Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineersThe reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.
但苹果是在欺骗,当先生Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr厨师准备“So, I’ve heard you’ve been breaking some of our rules,” MrCook said in his calm, Southern tone停止欺骗,先生Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.
先生兰格尼,这一刻充满了张力If Uber’s app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company’s business因此,兰格尼即位。
The idea of fooling Apple, the main distributor of Uber’s app, began in 2014.
At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resoldSome Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then acceptSince Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way.
To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.
There was one problem: Fingerprinting iPhones broke Apple’s rules. MrCook believed that wiping an iPhone should ensure that no trace of the owner’s identity remained on the device.
So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.
那听起来像超级做标识和“标签”(无论)在应用程序被删除和/或设备擦拭,但我认为它可能-可能——实际上意味着仅仅是识别保存在应用程序被删除和/或设备擦拭这不是在技术上应该是可行的——iOS api UDID和甚至MAC地址停止报告惟一标识符年前,因为他们被滥用隐私入侵广告追踪,分析包,名为shitbags超级喜欢这是错误的,和苹果是正确的结束它,但这是耸人听闻的远远少于超级的前景已经能够识别和“标签”iPhone后这个超级应用被删除后者的场景只有在技术上似乎可行的其他第三方应用程序执行秘密代码,这些东西通过超级的SDK,或者如果这个超级应用留下了恶意软件在应用的沙箱我不认为是这样,因为我不认为苹果会犹豫从App Store删除超级如果是用隐藏的家里打电话恶意软件感染的iphone。
What APIs and device info was Uber using to identify iPhones? Are these API loopholes now closed in iOS? If we don’t learn exactly what Uber was using to identify devices, we cannot know that the technique no longer worksiOS用户应该能够相信他们删除一个应用程序时,所有他们的设备之间的连接和断开连接的应用程序的开发者,擦拭设备时,一切个人识别已被删除。
What exactly did Apple know about Uber’s actions in this regard when Tim Cook called Kalanick in for the meeting? Was Apple aware that Uber was specifically keeping a database of unique iPhone identifiers? If so, how?
What prompted Apple to investigate Uber in this regard? And why did Uber suspect Apple was going to investigate, prompting them to geofence their fingerprinting so it wouldn’t trigger in Cupertino? (My theory: the Uber app was calling private APIs, and they used the geofence to avoid calling those private APIs while the app was in App Store review, assuming, perhaps incorrectly, that all App Store reviewers work in Cupertino应用商店检查可以确定应用程序调用私有api。)
更新: Why didn’t Apple require Uber to disclose what they’d done as a condition for remaining in the store? Shouldn’t iPhone users who had Uber installed know about this?
Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice IntelligenceUsing an email digest service it owns named Unroll.me, Slice collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to UberUber used the data as a proxy for the health of Lyft’s business(Lyft, too, operates a competitive intelligence team.)
Slice confirmed that it sells anonymized data (meaning that customers’ names are not attached) based on ride receipts from Uber and Lyft, but declined to disclose who buys the information.