Uber’s Identifying and Tagging of iPhones

Mike Isaac’s profile of Uber CEO Travis Kalanick for The New York Times contains an accusation that, on its face, sounds outrageous:

For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple’s engineers. The reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.

But Apple was onto the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. “So, I’ve heard you’ve been breaking some of our rules,” Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber’s app would be kicked out of Apple’s App Store.

For Mr. Kalanick, the moment was fraught with tension. If Uber’s app was yanked from the App Store, it would lose access to millions of iPhone customers — essentially destroying the ride-hailing company’s business. So Mr. Kalanick acceded.

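“Secretly identifying and tagging iPhones even after its app had been deleted and the devices erased” is a rather astounding accusation, because it sounds like something that should be technically impossible. It is also very unclear what information Uber was able to collect from these “identified and tagged” iPhones beyond some sort of unique device identifier. Unfortunately, the Times’s story is very short on details. It is worth noting, though, that the Times does not say Uber was “tracking” these phones. A lot of people are jumping to the conclusion that Uber was somehow tracking the location of users even after they deleted the Uber app, but the word “track” appears in the article only in the context of Kalanick having “excelled at running track and playing football” in high school.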

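(Update: This explains a lot about this story today. When first published, the Times’s story did use the word “tracking”, but a subsequent revision changed that word to “identifying and tagging”.)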

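Reading between the lines, it is possible, and my gut says likely, that Uber was not doing anything on these iPhones except when its app was installed and running. From the end of the article: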

The idea of fooling Apple, the main distributor of Uber’s app, began in 2014.

At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way.

To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.

There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure that no trace of the owner’s identity remained on the device.

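What Isaac is reporting does not require any code running on the iPhone other than when the Uber app itself is installed and launched. I’m guessing, but it could be something like this: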

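  1. The Uber app, when installed, fingerprints the device and reports the fingerprint to Uber’s servers, in association with the user’s Uber account. (All iPhones have a unique device identifier, the UDID, but Apple banned third-party apps from accessing it in 2012. Uber either found a way to access the UDID surreptitiously, or created some other way of uniquely identifying devices, even after they have been wiped. I would like to know exactly what they did, but for the sake of my argument here it doesn’t matter.)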

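  2. The Uber app is deleted from the device and/or the device is wiped. At this point, Uber knows the device’s fingerprint but cannot use it to track the device in any way, and they don’t care, because until someone reinstalls the Uber app on the phone, it is not being used for fraud.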

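  3. The Uber app is installed on the iPhone again. When it launches, it does the fingerprint check and phones home. Uber now knows this is the same iPhone they have seen before, because the fingerprint matches. This is a violation of Apple’s privacy policy.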

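But until the Uber app is reinstalled in step 3, I don’t think Uber was “tracking” anything. They didn’t care: the Times says the whole scheme was designed to fight fraud in China, which required the Uber app to be reinstalled on the stolen iPhones.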
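The three-step flow above, modelled as an added example (not code from the article, the Times, or Uber). `Device`, `Server`, the `hw_id` stand-in identifier and the three-account threshold are assumptions; the model shows that the server learns nothing when the phone is wiped and recognizes it only when the app is launched again.

```python
import hashlib
from collections import defaultdict

class Device:
    """Constructed model of a phone: hw_id survives a wipe, app data does not."""
    def __init__(self, hw_id):
        self.hw_id = hw_id            # stand-in for any erase-surviving identifier
        self.app_installed = False

    def wipe(self):
        self.app_installed = False    # removes apps and data; sends no network event

class Server:
    """Hypothetical backend: it learns something only when the app phones home."""
    def __init__(self, max_accounts=3):
        self.accounts_by_fp = defaultdict(set)
        self.events = 0
        self.max_accounts = max_accounts

    def phone_home(self, fingerprint, account):
        self.events += 1
        seen_before = fingerprint in self.accounts_by_fp
        self.accounts_by_fp[fingerprint].add(account)
        # Fraud signal from the article: many rider accounts tied to one phone.
        flagged = len(self.accounts_by_fp[fingerprint]) > self.max_accounts
        return seen_before, flagged

def launch_app(device, server, account):
    """Steps 1 and 3: install, fingerprint the device, report it with the account."""
    device.app_installed = True
    fp = hashlib.sha256(device.hw_id.encode()).hexdigest()
    return server.phone_home(fp, account)

def simulate():
    server, phone = Server(), Device("CONSTRUCTED-HW-ID-0001")
    results = [launch_app(phone, server, "rider0@example.com")]   # step 1
    phone.wipe()                                                  # step 2
    events_after_wipe = server.events                             # still 1: wipe is silent
    for i in range(1, 5):                                         # step 3, repeated
        results.append(launch_app(phone, server, f"rider{i}@example.com"))
        phone.wipe()
    return results, events_after_wipe, server.events
```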

To repeat from the opening of the article, Isaac wrote:

So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple’s privacy guidelines.

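That sounds like Uber was doing the identifying and “tagging” (whatever that is) after the app had been deleted and/or the device wiped, but I think it might, and probably does, actually mean only that the identification persisted after the app had been deleted and/or the device wiped. That is not something that should be technically possible: iOS APIs for things like the UDID and even MAC addresses stopped reporting unique identifiers years ago, because they were being abused by privacy-invasive ad trackers, analytics packages, and shitbags like Uber. That is wrong, and Apple was right to put an end to it, but it is far less sensational than the prospect of Uber having been able to identify and “tag” an iPhone after the Uber app had been deleted. The latter scenario only seems technically feasible if other third-party apps were executing surreptitious code that did this stuff through Uber’s SDK, or if the Uber app left behind malware outside the app’s sandbox. I don’t think that was the case, because I don’t think Apple would have hesitated to remove Uber from the App Store if it had been infecting iPhones with hidden phone-home malware.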

The article also raises some questions:

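  • What APIs and device info was Uber using to identify iPhones? Are these API loopholes now closed in iOS? If we don’t learn exactly what Uber was using to identify devices, we cannot know that the technique no longer works. iOS users should be able to trust that when they delete an app, all connections between their device and the app’s developer are severed, and that when a device is wiped, everything personally identifying has been removed.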

  • What exactly did Apple know about Uber’s actions in this regard when Tim Cook called Kalanick in for the meeting? Was Apple aware that Uber was specifically keeping a database of unique iPhone identifiers? If so, how?

  • What prompted Apple to investigate Uber in this regard? And why did Uber suspect Apple was going to investigate, prompting them to geofence their fingerprinting so it wouldn’t trigger in Cupertino? (My theory: the Uber app was calling private APIs, and they used the geofence to avoid calling those private APIs while the app was in App Store review, assuming, perhaps incorrectly, that all App Store reviewers work in Cupertino. App Store review can identify apps that call private APIs.)

  • Update: Why didn’t Apple require Uber to disclose what they’d done as a condition for remaining in the store? Shouldn’t iPhone users who had Uber installed know about this?

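(Update 2: Strafach examined 2014 builds of the Uber iOS app and found that they were using private APIs, using IOKit to pull the device serial number from the device registry. There may be more to it, but this alone is a blatant violation of App Store policy. Strafach confirms that the technique Uber was using no longer works in iOS 10.)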
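A static check of the kind that can surface private API use, as an added example (not Strafach’s tooling and not Apple’s review process). The import listing is constructed in the style of `nm -m -u` output and is not taken from any real app; the framework watchlist is an assumption. Because it reads the binary’s import table, the result does not depend on where the app is run.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `nm -m -u` output for a Mach-O binary.
# It is not taken from any real app.
SAMPLE_IMPORTS = """\
                 (undefined) external _CFRelease (from CoreFoundation)
                 (undefined) external _IORegistryEntryCreateCFProperty (from IOKit)
                 (undefined) external _IOServiceGetMatchingService (from IOKit)
                 (undefined) external _IOServiceMatching (from IOKit)
                 (undefined) external _NSLog (from Foundation)
                 (undefined) weak external _objc_msgSend (from libobjc)
"""

# Assumption: a reviewer-maintained watchlist. The page reports IOKit use by an
# App Store app as a private-API violation, so IOKit is the one entry here.
NON_PUBLIC_FRAMEWORKS = {"IOKit"}

# One undefined (imported) symbol per line, with the library it binds to.
IMPORT_RE = re.compile(
    r"\(undefined\)\s+(?:weak\s+)?external\s+(_\S+)\s+\(from ([^)]+)\)"
)

def imports_by_library(listing):
    """Group imported symbols by the library they are bound to."""
    libs = defaultdict(list)
    for line in listing.splitlines():
        m = IMPORT_RE.search(line)
        if m:
            libs[m.group(2)].append(m.group(1))
    return dict(libs)

def private_api_findings(listing, banned=NON_PUBLIC_FRAMEWORKS):
    """Return {framework: sorted symbols} for imports from watchlisted frameworks."""
    libs = imports_by_library(listing)
    return {lib: sorted(syms) for lib, syms in libs.items() if lib in banned}
```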


The article also contains this non-Apple-related tidbit:

Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice Intelligence. Using an email digest service it owns named Unroll.me, Slice collected its customers’ emailed Lyft receipts from their inboxes and sold the anonymized data to Uber. Uber used the data as a proxy for the health of Lyft’s business. (Lyft, too, operates a competitive intelligence team.)

Slice confirmed that it sells anonymized data (meaning that customers’ names are not attached) based on ride receipts from Uber and Lyft, but declined to disclose who buys the information.

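Needless to say, this is super sleazy. We expect this sort of thing from Uber, but Slice should be ashamed of themselves. Their Unroll.me service is pitched as a tool to “clean up your inbox” by identifying subscription emails and letting you unsubscribe from them in bulk. It is “free” in that you don’t pay them money, but they sell your personal information to companies like Uber. Supposedly this information is anonymized, but wiped iPhones were supposed to be anonymous too, and Uber found at least one way around that.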