John Gruber this morning wrote a good analysis of the NY Times piece accusing Uber of some pretty horrid stuff.
Gruber goes onto say that one technique could have been using private API.
[UPDATE 2: Will Strafach examined a 2014 build of the Uber iOS app and found them using private APIs to use IOKit to pull the device serial number from the device registry. There might be more, but this alone is a blatant violation of App Store policy. Strafach confirms that the technique Uber was using no longer works in iOS 10.]
However, from reading between the lines, I suspect an additional technique uses was probably a fairly common technique used by analytics, ads and most companies out there. The trick is to have the device generate a unique ID and save to the iOS keychain. The iOS keychain, until 10.3, persisted between re-installs. This article shows a how to**,** although I’m unsure if it persisted between factory resets, I’d safely assume so.
I’d even go as far as to say that Uber probably caused this loophole to be prioritized and patched by Apple Engineers.
Personally, I’m glad this technique will no longer work, and subsequently will provide iOS users with a bit more privacy.
As for Uber… ¯\_(ツ)_/¯ … the market will decide what happens to them.
Update: As Will points out, Apple backed out and didn’t actually make the above change in 10.3. Just great, Apple.
Hacker Noon is how hackers start their afternoons. We’re a part of the @AMIfamily. We are now accepting submissions and happy to discuss advertising & sponsorship opportunities.
To learn more, read our about page, like/message us on Facebook, or simply, tweet/DM @HackerNoon.
If you enjoyed this story, we recommend reading our latest tech stories and trending tech stories. Until next time, don’t take the realities of the world for granted!