Was Uber Tracking It’s Users?

You may have seen in the news, an article about Uber, who’s been accused of tracking users even after they deleted the app from their iPhones.

Source Article: https://techcrunch.com/2017/04/23/uber-responds-to-report-that-it-tracked-users-who-deleted-its-app/

Well, what exactly was happening, was Uber had used some code inside of their app, so that it could create a unique fingerprint of the user’s device. They claim that they were doing this as a way to prevent fraud, because what they were seeing was some people would have an iPhone and they would get a stolen credit card, cause big charges for Uber drives, and then they would delete that app. Then, they would put it on again and then create a new user account. So, Uber put this code in there so they could define which individual users were which.

That doesn’t sound so bad, right? They said they were doing this to prevent fraud, which is what they allegedly were doing. The way they were doing this was by creating a unique identifier called a UUID. The problem with that is it actually went against Apple’s terms of service. With Apples terms of service for developers, it says you cannot track users that way. Once they delete the app you’re supposed to stop tracking them. So, there was an issue there.

The thing that really seems fishy here, according to the alleged articles, is that Ubers code allegedly had a geofence in there that actually prevented people in Cupertino, which is where Apple’s headquarters are, from seeing that piece of the code. So, it didn’t affect all users, only affect a large percentage of users. Almost like they were trying to hide it from Apple, which it seems a little off, right?

The bottom line here is, it really wasn’t necessarily a privacy breach. They were doing it to prevent some kind of fraud from occurring, but the way they executed it it sounds like it smells a little fishy. Now, we don’t have the code, we don’t have the details of this, but again they’re still going to be reviews going on to see exactly what happened. If you follow the news, we’ll see what ends up coming out of this.

But, the bottom line here is that you know if you’re a company, and you’re an app developer, you just want to stay ethical. You want to do things the right way, things even if they aren’t necessarily “wrong”, can smell wrong and it can really put your business in a bad light. In this case, Uber is getting a lot of press over this that is just not really helpful to their business image.

Visit https://www.JasonDion.com for cyber security information, certification exam prep courses, and more.

Additional Courses:
** Network+ (N10-006): Full Course on Udemy (90% off, only $10) **

** Anatomy of a Cyber Attack on Udemy (90% off, only $15) **

Jason Dion, CISSP No. 349867, is a Adjunct Instructor at Liberty University’s College of Engineering and Computational Science and Anne Arundel Community College’s Department of Computing Technologies with multiple information technology professional certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), Digital Forensic Examiner (DFE), Digital Media Collector (DMC), Security+, Network+, A+, and Information Technology Infrastructure Library v3. With networking experience dating back to 1992, Jason has been a network engineer for the United States Navy Southern Command, served as the Deputy Director of the Theater Network Operations Center Middle East, and the Information Systems Officer for Navy Information Operations Command Maryland. Jason holds a Master’s of Science degree in Information Technology with a specialization in Information Assurance from University of Maryland University College, a Master’s of Arts and Religion in Pastoral Counseling, and a Bachelor’s of Science in Human Resources Management from New School University. He lives in the greater Washington D.C./Baltimore, Maryland area with his wife and two children.