[caption id="attachment_140303" align="aligncenter" width="3195"] Uber Office Dice Uber offices in San Francisco.[/caption] As detailed in a recent profile in The New York Times, Apple CEO Tim Cook once took Uber CEO Travis Kalanick to task over the Uber app’s ability to track users via sketchy means. Now we know how his company might have done it. It all revolves around IOKit, a private framework that allows access to a device’s hardware and software capabilities. It’s essentially the iOS equivalent of root access (without jailbreaking). It’s also not something that Apple, valuing user privacy, condones; the company wants apps operating in a sandboxed environment. This is where geofencing comes into play. Uber set up a geofence around Apple headquarters in Cupertino, California so the latter wouldn’t be able to tell that the Uber app was making private API calls – because in Cupertino, it wasn’t. That’s essentially how the app, despite accessing explicitly prohibited private APIs, passed app review and made its way onto your phone. (It’s something Apple would easily have caught otherwise.) In a Tweet, security researcher Will Strafach revealed that a 2014 version of the Uber app was using IOKit to “access registry entries.” In his software teardown, we also see entries such as “IORegistryGetRootEntry” and “serial_number,” hammering home that it was pulling identifiable device metadata. It’s important to note Uber wasn’t “tracking” users per se; nor was it able to monitor users who deleted the app at any point. This Apple controversy dovetails with Uber's purchase of data from unroll.me, an email service that bills itself as a means to tidy up your inbox by turning not-quite-spam-but-still-not-necessary emails into a daily newsletter. Uber was buying anonymized data concerning rival Lyft’s communications with users, which the Times says Uber used as a barometer of Lyft's corporate health. Using IOKit essentially breaks every Apple rule concerning development, which has some upset over Cook’s treatment of Uber. Other developers have suffered far worse punishments for less offensive behavior. Uber's ‘loophole’ doesn't work on iOS 10 (Strafach believes it was patched in iOS 8 or 9), so it’s not something anyone can reproduce, but the underlying idea is still troubling. At its worst, Uber was taking drastic means to track phones that had the Uber app installed at some point. At best, it’s a really aggressive and stupid way to find how many users you really have and conduct reconnaissance on the competition. Buying anonymized data isn’t breaking rules, unless you count good faith as a rule. If so, Uber and unroll.me's parent company, Slice, are guilty. And maybe Apple, too, for allowing an app that violated its rules to continue its existence in the App Store.