The Trials of Deleting Uber

Uber's public image has had a hell of a first quarter. I can't recall the last tech company in recent history that ran into shitstorm after shitstorm as reliably and as damningly as they have. In today's New York Times, there's a profile on Uber CEO Travis Kalanick by Mike Isaac that details some of these tribulations, among them them a confrontation with Apple's CEO, Tim Cook. Notably, Uber had attempted to obfuscate from Apple its nefarious practices around user location-tracking and device-identifying (called "fingerprinting"). This practice would allow Uber to identify an individual iPhone even after the app was deleted and/or the phone reset. If it sounds egregious, it is. As The Verge points out, this is more of the same deceptive bullshit Uber has pulled off in recent years, including “evad[ing] government regulators and track[ing] rival drivers, track[ing] customers without permission, and being sued for allegedly stealing proprietary information regarding self-driving cars from Alphabet’s Waymo. “

Can most of this be blamed on the CEO? According to that profile, probably:

But the previously unreported encounter with Mr. Cook showed how Mr. Kalanick was also responsible for risk-taking that pushed Uber beyond the pale, sometimes to the very brink of implosion.

Crossing that line was not a one-off for Mr. Kalanick. According to interviews with more than 50 current and former Uber employees, investors and others with whom the executive had personal relationships, Mr. Kalanick, 40, is driven to the point that he must win at whatever he puts his mind to and at whatever cost — a trait that has now plunged Uber into its most sustained set of crises since its founding in 2009.

As long as deleting apps and still having the potentiality of being tracked by the deleted company is a threat to privacy and security, I hope technology gate companies like Apple continue to fight the good fight.

Update (APRIL 24, 2017)

Additional speculation (and clarification) from the fallout of the New York Times profile article from John Gruber (Apple pundit extraordinaire):

That sounds like Uber was doing the identifying and “tagging” (whatever that is) after the app had been deleted and/or the device wiped, but I think what it might — might — actually mean is merely that the identification persisted after the app had been deleted and/or the device wiped. That’s not supposed to be technically possible — iOS APIs for things like the UDID and even the MAC address stopped reporting unique identifiers years ago, because they were being abused by privacy invasive ad trackers, analytics packages, and entitled shitbags like Uber. That’s wrong, and Apple was right to put an end to it, but it’s far less sensational than the prospect of Uber having been able to identify and “tag” an iPhone after the Uber app had been deleted. The latter scenario only seems technically possible if other third-party apps were executing surreptitious code that did this stuff through Uber’s SDK, or if the Uber app left behind malware outside the app’s sandbox. I don’t think that’s the case, if only because I don’t think Apple would have hesitated to remove Uber from the App Store if it was infecting iPhones with hidden phone-home malware.

John's whole piece is worth reading if you want much clarity on what Uber was presumably doing. Curious what their tactics were/are for other phone manufacturers.