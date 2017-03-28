Submitters: the HN guidelines ask you to please submit original sources (https://news.ycombinator.com/newsguidelines.html). Articles that cherry-pick a sensational detail, wrap that in fresh bait, and hawk it for page views are not original sources.
Any other dev would have been banned from the App Store for life, but because they're Uber they just get a warning.
No, I don't think Cook needs to find time for everyone. I just find this contrast fascinating.
My guess is the app would have been removed from the store. Uber was able to get away with just a warning.
There have been countless posts on HN from smaller devs getting their apps immediately pulled upon an update review for something they got no warning for.
Uber actively tried to deceive the review team.
Doesn't this simply teach would-be bad actors that they get to act with impunity until they get caught, and then simply stop?
Is that "spying"? It's certainly tracking beyond a level I would reasonably expect...
Usually I am not an uber defender, but in this case it seems like the articles only goal is to boost page clicks.
Actually, no, doing so specifically violates Apple's rules. That's the entire point.
That "any app can do that" is tautological... it's not like Uber's app is special in this regard.
There are many things an app can do that violate the ToS. Normally that stuff is caught during app acceptance... Unless the vendor sneakily bypasses the rules by disguising the functionality, as Uber did here.
There doesn't seem to be an easy workaround for jailbroken apps, though, unless you were doing the fingerprinting secretly, like Uber did.
The plethora of $20 off promo codes certainly amplifies this problem, though. Lyft did it better by only allowing $5 off per ride, but with more rides.
If there's a fraud problem, I think it's reasonable to require the developer to handle it in their account system. Yes, this makes it somewhat harder to detect fraud because you lose one important piece of information, but privacy is worth it.
But yes, a strong account system is the best way to go. For a company this mature, it should be feasible to require phone number/email/payment authentication for new users prior to providing services.
Also, for a company the size of Uber, having your app blocked for a month, and not being able to get new features or bug fixes out, is probably a sizable cost, when you factor in lost developer time.
Not being an iOS dev, after a few minutes of Googling it looks like:
- The blessed way to get a unique device ID is identifierForVendor [1]. Is the issue that this changes when users uninstall/reinstall the Uber app?
- The deprecated way to get an ID that persisted across installs was accessing the UDID directly [2]
Can an iOS dev or someone better informed than I comment?
