Apple threatened to drop Uber’s app over iPhone tracking (updated)

Uber is no stranger to trouble, but it may have landed in some especially hot water two years ago. New York Times sources claim that Apple CEO Tim Cook held a face-to-face meeting in early 2015 to call out Uber’s Travis Kalanick (and threaten to remove his app from the App Store) after learning that Uber was not only violating iOS app privacy guidelines, but was trying to cover it up. Reportedly, the ridesharing outfit had been “fingerprinting” iPhones with permanent identities so that it could prevent drivers from cheating by creating fake accounts and accepting rides from these bogus customers. The IDs would last even after the app was deleted or the entire phone was wiped. While this helped keep drivers honest, it was clearly a privacy violation — and it was made worse by Uber’s bid to hide the tracking from App Store reviewers.

Reportedly, Kalanick told staff to “obfuscate” the Uber app’s fingerprinting code for anyone operating from Apple’s current headquarters in Cupertino. As far as the people at Infinite Loop could see, it was business as usual. However, the trick didn’t work for long. Apple workers outside of the headquarters eventually spotted the shady behavior, leading to the meeting with Kalanick. The approach isn’t that uncommon for Uber (it recently admitted that it used location-based techniques to fool regulators), but it’s particularly brazen given the risk of being dropped from the App Store and losing millions of customers.

Apple isn’t commenting on the meeting with Cook, and we’ve reached out to Uber for its take on the allegations. However, it’s safe to say that Uber would like to leave an issue like this in the past. The company is trying to turn a corner, and Kalanick himself is looking for a second-in-command to keep his boundary-pushing tendencies in check. This revelation certainly won’t help matters, though. It reinforces the notion that Uber is all too willing to break rules in the name of money, even if it’s motivated by honest concerns like fraud.

Update: Uber has responded to Engadget, and maintains that its staff “absolutely do not” track individual users after they’ve deleted the app. The company adds that fingerprinting is a “typical way” of preventing people from using stolen phones for joyrides, and otherwise thwarting “known bad actors.” You can read the full statement below. It’s good to hear that the company isn’t tracking people, but the heart of the story revolves around hardware fingerprints — those still violated Apple’s privacy guidelines, even if Uber couldn’t definitively associate phones with specific customers.

“We absolutely do not track individual users or their location if they’ve deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone—over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users’ accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users.”

Source: New York Times

Engadget RSS Feed

Police seek Amazon Echo data in murder case (updated)

Amazon’s Echo devices and its virtual assistant are meant to help find answers by listening for your voice commands. However, police in Arkansas want to know if one of the gadgets overheard something that can help with a murder case. According to The Information, authorities in Bentonville issued a warrant for Amazon to hand over any audio or records from an Echo belonging to James Andrew Bates. Bates is set to go to trial for first-degree murder for the death of Victor Collins next year.

Amazon declined to give police any of the information that the Echo logged on its servers, but it did hand over Bates’ account details and purchases. Police say they were able to pull data off of the speaker, but it’s unclear what info they were able to access. Due to the so-called always on nature of the connected device, the authorities are after any audio the speaker may have picked up that night. Sure, the Echo is activated by certain words, but it’s not uncommon for the IoT gadget to be alerted to listen by accident.

Police say Bates had several other smart home devices, including a water meter. That piece of tech shows that 140 gallons of water were used between 1AM and 3AM the night Collins was found dead in Bates’ hot tub. Investigators allege the water was used to wash away evidence of what happened off of the patio. The examination of the water meter and the request for stored Echo information raises a bigger question about privacy. At a time when we have any number of devices tracking and automating our habits at home, should that information be used against us in criminal cases?

Bates’ attorney argues that it shouldn’t. “You have an expectation of privacy in your home, and I have a big problem that law enforcement can use the technology that advances our quality of life against us,” defense attorney Kimberly Weber said. Of course, there’s also the question of how reliable information is from smart home devices. Accuracy can be an issue for any number of IoT gadgets. However, an audio recording would seemingly be a solid piece of evidence, if released.

Just as we saw with the quest to unlock an iPhone in the San Bernardino case, it will be interesting to see how authorities and the companies who make smart home devices work out the tension between serving customers, maintaining privacy and pursuing justice.

Update: An Amazon spokesperson gave Engadget the following statement on the matter:

“Amazon will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course.”

As a refresher, Echo only captures audio and streams it to the cloud when the device hears the wake word “Alexa.” A ring on the top of the device turns blue to give a visual indication that audio is being recorded. Those clips, or “utterances” as the company calls them, are stored in the cloud until a customer deletes them either individually or all at once. When that’s done, the “utterances” are permanently deleted. What’s more, the microphones on an Echo device can be manually turned off at any time.

Source: The Information

Engadget RSS Feed

T-Mobile tells iPhone owners not to install iOS 10 just yet (Updated)

T-Mobile issued a stern warning to its customers against downloading and installing the new iOS 10 update to their existing 6, 6 Plus and SE iPhone models. According to the T-Mobile website, doing so will, cause the handset to “lose connectivity [to the T-Mobile network] in certain circumstances.” Once that happens, the user can only re-establish their network connection by fully powering down the phone and restarting it. That said, the company does expect Apple to push a corrective patch live within the next 48 hours. Update: On Thursday night, T-Mobile announced that Apple had released its patch for the connectivity issue. If you had already downloaded iOS 10 (and were therefore at risk for this issue), go to Settings > General > About, to install the fix. If you hadn’t yet installed the new OS, feel free to do so without fear of having your cell service randomly drop.

Via: Verge

Source: T-Mobile

Engadget RSS Feed

iPhone 7 will get a larger camera, according to spy shot (updated)

Another week, another iPhone 7 leak. (Hey, it rhymes!) Following the set of components allegedly showing dual-SIM support, up to 256GB of storage and a 3.5mm headphone jack on the next iPhone, Chinese repair shop Rock Fix is back with a photo of what it claims to be the 4.7-inch iPhone 7’s rear casing. Most notably, there are fewer plastic antenna bands here, and the main camera is said to feature a larger CMOS sensor — here’s hoping this will offer larger pixel sites to boost light sensitivity. What’s interesting is that contrary to WSJ’s report earlier this week, Rock Fix pointed out that the headphone jack is here to stay on one of the two 4.7-inch variants, which would explain why we’re seeing conflicting rumors about the headphone jack.

Rock Fix added that the cheaper 4.7-inch model — our money’s on the one that’s keeping the headphone jack — will replace the aging iPhone 6 in the new lineup. As for the bigger iPhone 7 Plus, it’ll unlikely have a variant with the headphone jack, but we’re told that it’ll be the only one featuring the special dual-lens camera we saw last time. Both sizes will apparently have dual-SIM slots, which is a common feature in competitive markets like China and India. If true, this move will hopefully give Apple a much needed boost after its recent iPhone sales decline.

Update: We’ve updated our article with new information regarding the special variant that will apparently be keeping the headphone jack, as well as the above image of a purported iPhone 7 chassis without the headphone jack.

Source: Rock Fix (Sina Weibo)

Engadget RSS Feed