Uber Proves iPhones Are Not as Secure as You Think


The headlines have people upset with Uber and its scummy tactics, and rightly so. But isn't the bigger story that the iPhone's supposed device-level security was compromised in a way its users don't expect?

Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called "fingerprinting." Uber could then identify an iPhone and prevent itself from being fooled even after the device was erased of its contents.

There was one problem: Fingerprinting iPhones broke Apple’s rules. Mr. Cook believed that wiping an iPhone should ensure that no trace of the owner’s identity remained on the device.

So Mr. Kalanick told his engineers to "geofence" Apple’s headquarters in Cupertino, Calif., a way to digitally identify people reviewing Uber’s software in a specific location. Uber would then obfuscate its code for people within that geofenced area, essentially drawing a digital lasso around those it wanted to keep in the dark. Apple employees at its headquarters were unable to see Uber’s fingerprinting.

TechCrunch has a bit more on this, but based on what I've read, it seems pretty easy to track an iPhone against Apple's rules once an app is installed, and even avoid detection - even with newer safeguards in place. Uber's "problem" was that eventually they got caught.

