An advocacy group known for challenging the tech industry on privacy called on the Federal Trade Commission Thursday to investigate media reports that Uber could identify specific iPhone devices even after users deleted the ride-hailing app.
The nonpartisan group also asked Acting Chairman Maureen Ohlhausen and Commissioner Terrell McSweeny to determine whether Uber engaged in similar tactics on Android devices and scrutinize whether the company is abiding by its own privacy policies.
“They have a track record of not paying any attention to the rules. That’s why it’s important, no matter what they’ve done with Apple, for the FTC to act,” John M. Simpson, Consumer Watchdog’s privacy project director, said in an interview.
Simpson said the FTC should put an injunction in place to prevent Uber from using similar software in the future.
Representatives for Uber did not immediately respond to requests for comment.
A New York Times report this week revealed that Uber’s app could give iPhones a unique “fingerprint” so that the company could identify devices even if its app was deleted or the phone was erased entirely. The company intended to stymie account fraud in places like China, where some drivers would create multiple accounts to request and accept fake rides, according to the report.
But the practice of tagging iPhones violates Apple’s rules for app makers, and Uber attempted to prevent engineers there from detecting the code by putting Apple’s Cupertino headquarters inside a “geo-fence,” meaning its software would appear differently when viewed in that location. When Apple discovered the deception, Apple chief executive Tim Cook personally told Uber CEO Travis Kalanick to knock it off or Uber’s app would be pulled from its store, the Times reported.
“The fact that they apparently geo-fenced the Apple headquarters so the engineers there couldn’t figure out what was happening exacerbates the situation and implies they knew what they were doing and they were being deceptive about it,” Simpson said.
In a statement provided to multiple media outlets earlier this week, an Uber spokesman denied that the company tracks users after they delete its app.
“We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone — over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.”
Filing a formal complaint with the FTC does not guarantee the agency will investigate the claim or take action against a company.
But Consumer Watchdog has a record of taking technology companies to task when it believes their practices harm consumers or violate their privacy. In December, it was one of two groups to complain that Google was building detailed profiles of its users by combining data from its various Web services, such as Google search and Google Maps.
Another Consumer Watchdog complaint against Google, filed in 2012, accused the company of bypassing the privacy settings of people using Apple’s Safari Web browser on iPhones. That violation, which was discovered by a researcher at Stanford University, ultimately led the FTC to impose a $22.5 million fine.
Thursday’s letter refers to Uber as “a renegade technology and transportation company whose executives pride themselves on a disruptive, rule-breaking approach to business.”
The complaint is the latest criticism of Uber and its chief executive officer.
Earlier this year, a former female engineer publicly accused the company of failing to address sexual harassment and discrimination claims, prompting an internal review spearheaded by former U.S. attorney general Eric Holder.
Kalanick was also recorded in a terse exchange with an Uber driver over fares. Kalanick later told employees “I need leadership help,” and the board of directors immediately launched a search for a chief operating officer.
Uber’s software has landed the company in trouble before. It was revealed earlier this year that Uber used “Greyball” software to identify and block regulators in cities where it was operating without permission. In March, Uber pledged to stop that practice.
Another software program, dubbed “Hell,” reportedly allowed Uber to monitor the availability and location of drivers for its rival, Lyft, according to The Information. “Hell” also helped the company identify drivers using both apps. That revelation has inspired a class-action lawsuit from a former Lyft driver.
Read more from The Washington Post’s Innovations section.
