Persisting device identification after deletion, after wiping, and hiding it from Apple — just another day in the life of Uber?

Uber has been caught egregiously violating user privacy and App Store guidelines by persisting device identifications even when the Uber app was deleted and the device wiped.

Mike Issac, writing for The New York Times:

For months, Mr. Kalanick had pulled a fast one on Apple by directing his employees to help camouflage the ride-hailing app from Apple's engineers. The reason? So Apple would not find out that Uber had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased — a fraud detection maneuver that violated Apple's privacy guidelines.

But Apple was on to the deception, and when Mr. Kalanick arrived at the midafternoon meeting sporting his favorite pair of bright red sneakers and hot-pink socks, Mr. Cook was prepared. "So, I've heard you've been breaking some of our rules," Mr. Cook said in his calm, Southern tone. Stop the trickery, Mr. Cook then demanded, or Uber's app would be kicked out of Apple's App Store.

The original story used the word "tracking" which made people think Uber was persisting device location rather than device id. ID alone is still egregious though. Uber was able to do this by using private APIs, which is something expressly forbidden by Apple's terms of service. Worse, Uber deliberately tried to hide its violations by geo-fencing Apple's hometown of Cupertino, California. Unfortunately for Uber, it must have forgotten all the other Apple offices around the U.S. and the world. Something especially embarrassing for a location-based company.

Uber was apparently doing it to fight abuse in China, where multiple devices were stolen, wiped, and used to fraudulently extract money from the service. Uber has every right to fight abuse but zero right to do it in a way that violates customer privacy and App Store policy.

If this were a smaller, less important company, it's hard to believe Apple wouldn't have bounced their app right out of the store.

The same New York Times article also alleges further privacy abuse, both on the part of Uber and of Slice Analytics.

Uber devoted teams to so-called competitive intelligence, purchasing data from an analytics service called Slice Intelligence. Using an email digest service it owns named Unroll.me, Slice collected its customers' emailed Lyft receipts from their inboxes and sold the anonymized data to Uber. Uber used the data as a proxy for the health of Lyft's business. (Lyft, too, operates a competitive intelligence team.)

Slice was using data from Unroll.me, a service that offered to help "clean up" inboxes in exchange for log in information that it then used to harvest user data.

This is part of the reason I no longer use a personal Gmail account and don't allow any third-party service access to my work Gmail. Data is more valuable than money. If anyone is still confused by that, just look at what unscrupulous companies are willing to do to get it.

I deleted the Uber app a while ago but this is enough to make me want to re-download it just so I can delete it again. (If it were safe to do so, of course.)

It's not just callous, short-sighted, and unintelligent behavior on the part of Uber, it's another knife in the back of drivers, many of whom are actually liked by their customers.

Just like the interface is the app to most users, the drivers are Uber to most customers, and there's not enough competition in all areas for everyone to easily switch.

No idea if Uber is engaging in similar practices on Android or similarly violating the Google Play terms of service, but how much longer, and how many more abuses, must Uber rack up before serious action starts being taken?