Source Article: https://techcrunch.com/2017/04/23/uber-responds-to-report-that-it-tracked-users-who-deleted-its-app/
Visit https://www.JasonDion.com for cyber security information, certification exam prep courses, and more.
** Network+ (N10-006): Full Course on Udemy (90% off, only $10) **
** Anatomy of a Cyber Attack on Udemy (90% off, only $15) **
You may have seen in the news, an article about Uber, who's been accused of tracking users even after they deleted the app from their iPhones. So, let's look into this for a couple of seconds here.
Well, what exactly was happening, was Uber had used some code inside of their app, so that it could create a unique fingerprint of the user's device. They claim that they were doing this as a way to prevent fraud, because what they were seeing was some people would have an iPhone and they would get a stolen credit card, cause big charges for Uber drives, and then they would delete that app. Then, they would put it on again and then create a new user account. So, Uber put this code in there so they could define which individual users were which.
That doesn't sound so bad, right? They said they were doing this to prevent fraud, which is what they allegedly were doing. The way they were doing this was by creating a unique identifier called a UUID. The problem with that is it actually went against Apple's terms of service. With Apples terms of service for developers, it says you cannot track users that way. Once they delete the app you're supposed to stop tracking them. So, there was an issue there.
The thing that really seems fishy here, according to the alleged articles, is that Ubers code allegedly had a geofence in there that actually prevented people in Cupertino, which is where Apple's headquarters are, from seeing that piece of the code. So, it didn't affect all users, only affect a large percentage of users. Almost like they were trying to hide it from Apple, which it seems a little off, right?
The bottom line here is, it really wasn't necessarily a privacy breach. They were doing it to prevent some kind of fraud from occurring, but the way they executed it it sounds like it smells a little fishy. Now, we don't have the code, we don't have the details of this, but again they're still going to be reviews going on to see exactly what happened. If you follow the news, we'll see what ends up coming out of this.
But, the bottom line here is that you know if you're a company, and you're an app developer, you just want to stay ethical. You want to do things the right way, things even if they aren't necessarily "wrong”, can smell wrong and it can really put your business in a bad light. In this case, Uber is getting a lot of press over this that is just not really helpful to their business image.