Reportedly, Kalanick told staff to "obfuscate" the Uber app's fingerprinting code for anyone operating from Apple's current headquarters in Cupertino. As far as the people at Infinite Loop could see, it was business as usual. However, the trick didn't work for long. Apple workers outside of the headquarters eventually spotted the shady behavior, leading to the meeting with Kalanick. The approach isn't that uncommon for Uber (it recently admitted that it used location-based techniques to fool regulators), but it's particularly brazen given the risk of being dropped from the App Store and losing millions of customers.
Apple isn't commenting on the meeting with Cook, and we've reached out to Uber for its take on the allegations. However, it's safe to say that Uber would like to leave an issue like this in the past. The company is trying to turn a corner, and Kalanick himself is looking for a second-in-command to keep his boundary-pushing tendencies in check. This revelation certainly won't help matters, though. It reinforces the notion that Uber is all too willing to break rules in the name of money, even if it's motivated by honest concerns like fraud.
Update: Uber has responded to Engadget, and maintains that its staff "absolutely do not" track individual users after they've deleted the app. At present, it spots potential fraud through a mix of common red flags (such as unusual IP addresses and GPS locations) and undisclosed methods. The company adds that fingerprinting is a "typical way" of preventing people from using stolen phones for joyrides, and otherwise thwarting "known bad actors." You can read the full statement below. It's good to hear that the company isn't tracking people, but the heart of the story revolves around hardware fingerprints -- those still violated Apple's privacy guidelines, even if Uber couldn't definitively associate phones with specific customers.
"We absolutely do not track individual users or their location if they've deleted the app. As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone—over and over again. Similar techniques are also used for detecting and blocking suspicious logins to protect our users' accounts. Being able to recognize known bad actors when they try to get back onto our network is an important security measure for both Uber and our users."