Tim Cook dressed down Uber CEO Travis Kalanick — and even threatened to boot Uber out of the App Store — for violating Apple’s privacy rules, claims a new report.
Uber broke iOS privacy laws in an attempt to crack down on a certain kind of fraud in China, in which some drivers would earn incentives by booking fake rides on iPhones, which they then wiped. This allowed them to earn more money.
To stop them, Uber added a line of code as part of a practice called “fingerprinting.” This mean that it could identify iPhone serial numbers even after they had been erased.
The problem? Doing this broke Apple’s rules (wiping an iPhone should leave no trace whatsoever of a previous owner’s identity).
As a result, Uber CEO Travis Kalanick was reportedly confronted by Cook, who told him, “I’ve heard you’ve been breaking some of our rules,” and threatened to remove Uber from the App Store.
In a statement, Uber said: “This is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone — over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognise known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.”
In the latest version of iOS, the “fingerprinting” technique no longer works. The method employed by Uber was revealed by security researcher Will Strafach, who looked at a 2014 version of the Uber iOS app, and discovered that it was using private APIs to use IOKit to extract the iPhone’s device serial number from the device registry. This no longer functions in iOS 10.
Source: The New York Times
Via: Daring Fireball