Super Pumped: The Battle for Uber

by Mike Isaac

But then, in 2014, Quentin’s team found a way around it. After Apple’s iOS software release, about a half dozen companies sprang up overnight that claimed they could detect the sacred IMEI. Quentin tested a few of them before landing on InAuth, Inc., a small firm based in Boston. With just a smattering of code inside Uber’s mobile app, InAuth could track down the device identification number of the iPhone used to install the app, a technique known as “fingerprinting” in the security and fraud industry. Once a phone was “fingerprinted,” it was much easier for Uber to tell if it was being used for fraud. Just a few months after starting at Uber, Quentin signed a contract with InAuth. It worked perfectly. Before Uber had started using InAuth, fraud in China and other major cities cost Uber tens of millions of dollars every week—and occasionally even more than that. After Uber built a new version of its app with the InAuth code installed, Quentin watched the fraud numbers fall off a cliff. When a scammer tried to create a new account on a device Uber had fingerprinted, Uber’s anti-fraud systems would kick in and the account would be banned automatically. Finally, after years of being ripped off, Uber had found a way to fight back. There was one problem: InAuth’s service blatantly violated Apple’s rules regarding user privacy. So everything between Uber and InAuth had to be kept secret. if Apple found out, both Uber and InAuth could be in serious trouble, and could even get Ube...