by Isaac, Mike
The blog post blew up. After circulating across security forums and other internet sites, it landed on Hacker News, a message forum widely read by engineers and the Silicon Valley elite.
What those readers didn’t know was that the armchair hacker had stumbled upon the secret InAuth code library, written inside of the Uber app as part of their secret deal. In order to fingerprint devices, InAuth required far more data than the average smartphone app, which meant asking for all sort of extended permissions. InAuth created device profiles based on this data to triangulate the users’ IMEI numbers. It was a clever technique, and companies besides Uber paid millions to use it. But the practice upset consumers when they discovered how much information they had unknowingly given Uber.
Back at Uber HQ, the fraud team members were freaking out. The public wasn’t supposed to know Uber had a deal with InAuth, much less read the code they had licensed. Should they address the issue with the public? And what if Apple started snooping around? Uber had recently submitted their newest iOS app build. What were they supposed to tell Apple if they found out Uber was breaking the rules?
At first, nothing happened. But a few weeks later they got their answer: the App Store declined Uber’s latest software update. Quentin’s team had been caught.
As the man in charge of the App Store, Eddy Cue had seen the best—and worst—of the startup world.
Eddy Cue reported directly to Apple CEO Tim Cook, and no one else. He was the guy who saw rising startup stars before nearly anyone else in Silicon Valley, because their apps skyrocketed to the top of his charts. When they did, Eddy Cue made it a point to meet the founders. By 2014, the fifty-year-old senior vice president of Apple’s internet software and services business had known about Travis Kalanick for about a year. Cue and Cook saw the potential in Uber early on, and absolutely loved how it used the iPhone’s technology. Cue and Cook had a sit-down with Kalanick, after Uber raised millions from Google Ventures and TPG.
Both Cue and Cook walked away from the meeting struck by Kalanick’s passion and talent, but they weren’t charmed. As Kalanick and Emil Michael spoke at length about Uber’s ambitions, Cue was struck by the founder’s arrogance. Kalanick waved off issues like Uber’s bad reputation in the press and the threat of regulation.
“I know what the hell I’m doing,” Kalanick said to the Apple executives, who between them had fifty years of experience at the highest levels of the computing industry. “No one else knows what they’re doing in ride-sharing. We have it figured out.”
During the meeting, Cue thought challenging Kalanick a bit might bring out his self-effacing side. “Why do the Google investment at all?” Cue wondered aloud. “It feels a little bit like letting the fox in the henhouse. They’ve been into self-driving for years. We always figured something like what you guys are doing would be on their roadmap someday,” Cue said.
Cook nodded, pointing out that potential threat may extend to Uber’s board of directors as well. “Are you at all concerned about Drummond being in the room?” Cook asked, noting the board seat Kalanick gave to David Drummond, Google’s chief legal officer and SVP of corporate development. Cook and Cue saw him as a proxy for Google CEO Larry Page.
“The board is irrelevant,” Kalanick said, waving them off of the idea. “I hand pick all of these guys. They do what I tell them, and the way I’ve structured things, I do what I want.”
Cue was taken aback. Many founders at least performed a sense of humility in public—a strategic modesty that Kalanick clearly lacked.
After the meeting, Cue and Cook remained in regular touch with Uber. iPhones were only as good as the apps that people wished to use on the devices, so Apple made it a priority to keep tabs on its top apps. The executives caught up every three to six months, almost always asking Kalanick and Michael to make the hour-long Uber ride south to Apple’s headquarters in the sunny Cupertino suburbs.
And yet, Uber was never what Apple would call a perfect partner. The startup frequently frustrated App Store executives, those directors below Cue who were responsible for tracking top-performing partners.
Most of the problems came in Uber’s software updates. Every time an App Store company wanted to update its software, they would have to send a new “build,” or new software version of the app, to the App Store for approval. For Apple, handling Uber’s new builds was a particular pain. When Uber sent an update, Apple engineers would often catch them trying to sneak backdoor tricks into its code. One version of Uber’s consumer app, for example, was able to convert itself from the app that riders download to the special app built only for drivers—reducing “friction” for new users—a small but meaningful breaking of Apple’s rules. The new build didn’t fly. Apple caught the misbehavior and gave the company a light scolding. Uber was required to have one app for riders and a separate one for drivers.
As the nits inside Uber’s updates piled up over time, Cue’s lieutenants closely monitored developments within Uber’s app; the engineers studied Uber’s code so rigorously they could tell when the startup was trying to pull another trick.
For a while, Cue was willing to give Kalanick’s engineers the benefit of the doubt. Not all of Apple’s rules were crystal clear, and Uber was a very popular app with iPhone customers. Hackers being hackers, the App Store moderators saw all sorts of little tricks and shortcuts inside the code of apps in the store, some worse than others. Uber’s constant sleight of hand was a pain, but relying on the App Store team to police them was worth the resources.
But things went downhill fast at the end of 2014. App Store leaders had seen the Hacker News post where Uber’s Android app had been decompiled and exposed for the data-sucking beast that it was. Sure enough, Uber’s iOS app was asking for the same types of permissions as well. Uber’s “fingerprinting” solution wasn’t going to fly. As the holidays approached and engineers rushed to get their code approved before everyone took off for vacation, Apple began rejecting Uber’s attempts to push the fingerprinting techniques inside the iOS app.
Back at Uber headquarters in San Francisco, the company’s engineers were scrambling to overcome the constant App Store rejections. In typical Apple fashion, each denial came without a real explanation why Apple had turned Uber down. Uber employees knew it was probably about InAuth’s code, but didn’t want to tip their hand if Apple hadn’t discovered it.
After a long brainstorming session between members of Uber’s fraud and mobile teams, one frustrated mobile engineer stood up. The engineer, a previous Apple employee, knew how Uber could get around the App Store problem. “I have an idea,” he said, before walking out of the conference room and back to the laptop on his desk. “I can handle this.”
It was one thing for Uber’s engineers to fudge the rules every now and then on a new build submission. Loads of developers submitting to the App Store did it.
But this new idea was as brazen as the Trojan Horse. The engineer’s idea was to trick Apple by using a technique called “geofencing,” using the GPS and IP address data from the phone to tell Uber where the user was located. A “geofence” acts much like it sounds; if the user is within a specific geographic radius, the app would perform a certain way. In Uber’s case, if the Uber app was used within the Bay Area or near Apple’s Cupertino headquarters, it wouldn’t run the InAuth “library” of code, which asked for the personal data needed to fingerprint phones.
What that Uber engineer assumed—incorrectly, as it turned out—was that all of Apple’s App Store code reviewers were located in Cupertino and the San Francisco Bay Area. Eventually, an Apple reviewer who wasn’t based in California stumbled upon the InAuth code library. Uber’s ruse was up.
Cue was apoplectic. Fudging your way around Apple’s rules was one thing. But active subterfuge—intentionally hiding an app’s behavior from Apple administrators—was a cardinal sin. Uber was actively deceiving Apple in an elaborate and sophisticated way.
 
; Seething, he sat back in his office chair at Apple’s headquarters, pulled out his iPhone, and dialed a number.
Kalanick answered. He was cheerful. The Uber CEO knew he always needed to stay on Cue’s good side.
Cue wasn’t having it. “We need to talk. We have a real problem.” Cue went into some of the specifics of what Uber was doing with its apps, and made it clear he was pissed off.
“You need to come down here and sort this out with us,” Cue said. “I’ll have my staff get this set up. Goodbye.” Then Cue hung up. He hadn’t even waited for Kalanick to say goodbye.
Kalanick was freaking out. He worried Apple might do something drastic.
He called a meeting, roping Quentin and a few of his team members into a meeting room at Uber headquarters. As Kalanick shut the door, he started asking questions, all of which amounted to: “What the fuck happened?”
Quentin’s team knew, at least generally, what had gone down. He brought in the mobile engineer—who by then was scared out of his mind—and had him explain the technique he used to fool Apple.
As usual, Kalanick paced around the room as the gravity of his team’s actions sank in. In his defense, Kalanick had never told the engineer to lie or cheat Apple. After all, the people working on that team were layers below Kalanick. He expected his leaders to handle their staff appropriately.
What Kalanick did tell his teams was consistent: “We need to win, no matter what. Do whatever it takes.” That message, across every team, up and down every part of the organization, was at the core of each employee’s understanding of Uber. Win, at all costs.
The fraud team started preparing its explanation for what happened—and its apology to Eddy Cue.
Though it is one of the Valley’s most secretive and opaque corporations, everything about Apple’s Cupertino campus works hard to convey the openness and transparency.
Stark white office buildings rise above lush, well-manicured lawns at 1 Infinite Loop. The main entrance echoes the aesthetic of Apple’s retail stores: sheets of glass, solid white walls and a half-domed roof, shielding the building from the hot California sun.
As the group from Uber walked into the building they were ushered to a private conference room. They had prepared a careful presentation for their hosts.
Cue strode into the room, followed by a few of his lieutenants from the App Store. Flanking Cue was Phil Schiller, Apple’s senior vice president of marketing. Since 1997, Schiller had worked for Apple reporting directly to Steve Jobs. Under Jobs, Schiller promoted the revamped iMac in 1998, an egg-shaped blast of color that came in bright orange, lime green, deep turquoise, and other colors. He promoted the iPod in all of its various iterations, helping to create a record-breaking hit. The two Apple execs, both in their early fifties, had a combined net worth in the hundreds of millions.
Cue hammered Kalanick from the start. “We want you to walk us through exactly what happened here, from the beginning how we ended up in this room today.”
Kalanick stammered, shaken, but started from the beginning. He walked Cue and Schiller through the massive fraud across the platform, through the ingenious solutions scammers had and the problems Apple’s iOS updates had created for halting fraud. Emil Michael, the point person for dealing with Cue and the Apple blowup, had prepped Kalanick well.
Kalanick was trying on a new face for this meeting, one of conciliatory regret. He knew he could get away with telling the government and city authorities to kiss his ass. However, on rare occasions, he could sense he needed to humble himself. It almost never happened. But here, at Apple HQ, in front of its top brass—he kissed the ring.
“We want to hear you commit to us,” Cue said to Kalanick, as the group wrapped up the long, tense meeting. “We want to know you will never, ever do this again. Make this promise, or you’re gone, you’re out.”
Cue meant business. He had brought the matter to his boss, Tim Cook, and both of them considered this a serious infraction. No one, no matter how successful the app or company, could lie to Apple and get away with it. For Cook, there was no greater sin than breaching the privacy of his users. Cook would later fight the FBI in public, refusing to unlock the smartphone of a mass murderer in San Bernardino, and would slam Facebook at public events for the company’s intrusive privacy practices. He had no problem supporting Cue on this decision: if Uber didn’t cut it out, Cook and Cue would ban Uber from the App Store.
Kalanick knew they were serious. If word of this showdown got out to the public it would trigger a major scandal. Worse, he knew what an App Store lockout could mean for Uber. His startup was now valued in the tens of billions of dollars, and the iOS downloads accounted for a majority of Uber’s business. Taking Uber off every iPhone in the world would kill his company. Kalanick assured the Apple executives that this would never happen again.
Cue could accept that. But Uber was on probation. They left the meeting with a few stipulations, mostly about how Uber engineers would now be required to submit supporting documentation every time they pushed a new software build to the App Store.
And if Kalanick’s team tried to pull a stunt like this again, Cue wouldn’t be as understanding. Uber would be gone.
Weeks later, Kalanick headed back down to Apple for a regularly scheduled catch-up with Cook and Cue. The first meeting with Cue, Schiller and the top App Store leaders was rough. But this was the one Kalanick was really dreading.
Kalanick tried to play it cool. As he walked back through the front door of Apple’s campus, he wore his favorite pair of Nikes—Darwins were a deep, bright red with matching red laces and a mesh outer coating§§§§§—and striped hot pink and blue socks to give himself an extra pop of color. He looked good on the outside.
On the inside, he was nervous. This was the first time he had seen Cook in person since the blowup between Apple and Uber. He didn’t know how the CEO was going to react.
After the meeting began, Cook, in his calm southern drawl, raised the issue. He wanted to make sure the problem was behind them.
Kalanick shifted in his chair. He had been expecting this, but was still uncomfortable to hear it. He explained it was true—more deferential than ever—but as he assured Cue, it wouldn’t happen again.
Cook nodded. He let the tense moment pass, and the group went on to discuss the rest of the agenda. But in his subtle way, Cook was drawing a line in the sand. If Uber ever, ever tried to deceive Apple again, it would be the end for Uber on his company’s platform.
Kalanick Ubered north, away from the Apple campus, and later met up with a friend. As he debriefed the friend on the afternoon’s events he confessed he was shaken. But only momentarily. The showdown had sent adrenaline surging through him. He had withstood an upset Tim Cook—Tim fucking Cook!—Kalanick said, and his company wasn’t obliterated.
Uber had survived. As his friend watched, Kalanick’s fear melted away and was replaced by a renewed sense of confidence—even swagger. If Uber could take on Apple, it could take on anyone.
Chapter 16 notes
‡‡‡‡‡ I’ve changed my source’s name to protect their anonymity.
§§§§§ Kalanick particularly loved how Darwins gripped the cement floors of Uber HQ when he paced his laps. He wore the shoes to most public events, including his interview with Vanity Fair editor Graydon Carter in 2016.
Chapter 17
"THE BEST DEFENSE..."
The showdown with Apple was a big problem. But even as that crisis was unfolding, Travis Kalanick had an even bigger problem to deal with. To solve it, his CTO, Thuan Pham, had hired a guy named Joe Sullivan. What Joe Sullivan saw was a security nightmare.
As chief security officer at Facebook, Sullivan was used to chaos. He had seen it all over his six years at the social network. Sullivan was responsible for protecting Facebook’s users from identity theft, drug sales, gun sales, kiddie porn distribution. While Mark Zuckerberg was down
the hall discovering new frontiers of the internet to conquer, Sullivan was tracking down digital thieves—the kind of men who, for example, blackmailed women after stealing nude photos from their phones.
But when Sullivan got the email from Thuan Pham, Uber’s chief technical officer, asking for help, Sullivan was intrigued. He had read about the ride-hailing company—no one could escape the headlines about the embattled unicorn. Uber sounded like a hot mess. Tracking riders, digging up dirt on journalists, slurping up user data—at least, that was its reputation.
Rider tracking in particular was a wild invasion of privacy. Kalanick saw it as a neat party trick—literally. When Uber first launched its service in Chicago in 2011, the company invited a small group of high-profile Chicagoans to a private party at the Elysian Hotel. There, he debuted “Heaven.” The guests watched as a giant screen showed hundreds of Uber riders zooming across a map of Chicago in real time. Kalanick and his partner, Ryan Graves, grinned; the crowd was stunned.
While Uber had “Heaven,” Kalanick also held court over “Hell.” That was the nickname of one of Uber’s most highly guarded and extremely valuable internal programs; “Hell” was devised to monitor the locations of all Uber drivers who also drove for Lyft. Uber employees at headquarters would create fake Lyft accounts, which tracked nearby vehicles—up to eight per fake account. Information about those vehicles was then sent back to Uber and stored in a database. “Hell” created a way for Uber to monitor the real-time positions of Lyft drivers. And because many of those drivers worked for Uber as well, Uber could monitor the rates Lyft was offering for drivers and outbid them, thereby swaying drivers to work more regularly for Uber. “Hell,” as Sullivan saw it, was sneaky. It was also highly unethical and would be a public relations nightmare if it ever leaked.