Denied refund to passenger whose driver extended ride and used passenger phone to give himself a tip

After a passenger forgot her phone in a driver’s vehicle, the driver realized — and drove a lengthy additional route, plus gave himself a large tip. He also used the Uber app to file a complaint against the passenger and, using the passenger’s phone, wrote a fake response.

The passenger complained to Uber, which initially gave her a partial refund but then removed that refund. Uber later suggested that she contact local law enforcement, and only after she did so did Uber refund the charges (ultimately adding a gift card for a future trip).

Multiple competition regulators questioned Uber-Grab deal

Reviewing Uber’s proposed sale of its Southeast Asia business to Grab, the Competition Commisison of Singapore (CCS) announced that it is looking into the transaction.

Broadly, CCS said the proposed transaction would bring “substantial lessening of competition in relation to the chauffeured personal point-to-point transport passenger and booking services market in Singapore.” CCS therefore required Uber and Grab to maintain their pre-transaction pricing, policies, and products, and not to exchange any confidential information.

After CCS’s statement of concern, Malaysia’s Land Public Transport Commission also announced that it would examine the proposed transaction. The Philippines’ anti-trust agency, the Philippine Competition Commission, then stated similar concerns: “There are reasonable grounds that the said acquisition may likely substantially lessen, prevent, or restrict competition.”

Coverage from TechCrunch and prior critique from the author of this site.

Poised to sell Southeast Asia assets to Grab

Uber announced plans to sell its Southeast Asia assets to Grab, the dominant ride-hailing firm in that region. This transaction raised competition concerns because Grab and Uber jointly controlled the overwhelming majority of ride-hailing service in the region. The transaction thus created an effective monopoly for Grab — allowing the company to charge higher prices and fees, to the detriment of both drivers and passengers.

Sold Chinese assets to Didi

Rather than continuing to compete with Didi Chuxing, the dominant ride-hailing service in China, Uber sold its Chinese assets to that firm — essentially ending competition in ride-hailing in that country.

This transaction raised several concerns. One, Didi and Uber jointly controlled the overwhelming majority of ride-hailing service in China. The nearest competitor had just 3.3% market share as of the time of the transaction. The transaction thus created an effective monopoly for Didi — allowing Didi to charge higher prices and fees, to the detriment of both drivers and passengers.

Two, as part of the transaction, Uber received 17.5% ownership of Didi, and Didi in turn held an investment in Lyft. So the Didi-Uber deal made Uber a part owner of its biggest US competitor.

Covered up hack, paid hackers to delete data, and failed to disclose to regulators

In an October 2016 attack, hackers extracted names, email addresses, and phone numbers of 50 million Uber riders (details), as well as personal information about 7 million drivers (including 600,000 US drivers license numbers). Details from Uber. A subsequent FTC investigation found that more than 25 million names and email addresses, and more than 22 million names and phone numbers, were affected.

Uber did not tell the public about the hack or alert the affected drivers or passengers. Nor did Uber tell regulators, although at the same time Uber was negotiating with the US FTC about other claims of privacy violations. As of November 2017, when the attack was publicly revealed, Uber admitted that it was required to disclose the hack because driver’s license information was among the information taken.

Instead of disclosing the hack to regulators or the public, Uber paid the hackers $100,000 to delete the data and not tell anyone what had happened. The New York Times reported that Uber also pushed the hackers to sign nondisclosure agreements, and that the company “made it appear” as if the $100,000 payout had been part of a “bug bounty” program (paying hackers to find problems) rather than a response to hackers’ demands.

Uber then-CEO Travis Kalanick learned of the breach in November 2016, a month after it took place. Reuters indicated that new CEO Dara Khosrowshahi indicated only having learned about the problem “recently.”

Uber Chief Security officer Joe Sullivan oversaw Uber’s response to the hack. As part of Uber’s 2017 investigation of the situation, new CEO Dara Khosrowshahi fired Sullivan along with Craig Clark, who had been legal director of security and law enforcement (reporting to Sullivan).

Upon learning of Uber’s failure to disclose the privacy breach, multiple regulators criticized the company’s action and opened investigations.

Uber’s statement

In a December follow-up, Reuters reported that the hacker was a 20-year-old man from Florida.

Drivers in Nigeria use fake GPS to inflate fares

In Lagos, Nigeria, Uber drivers used apps to override phone GPS, causing Uber’s app to record a longer route than was actually taken and inflating the fares charged to passengers. Quartz reports many drivers inflating fares by 1000 to 2000 naira ($3 to $6), though some inflated far more than that.

Drivers reported using this tactic in response to Uber reducing the amount they were paid. They describe protesting unsuccessfully, and resorting to GPS trickery for lack of other ways to get the payment they thought they deserved.

Some drivers said Uber knew about their methods and allowed them to continue. One driver described the Uber app reporting “fake location detected” yet allowing the driver to proceed and charge an inflated fare.

Uber says it refunds all riders who report fraudulent activity.

Blind couple says Uber denied them a ride, dragged one down the street

A Boston couple reported that Uber denied them a ride because they were traveling with a service dog.

The Boston Globe reports that after being denied service, one of the passengers got his hand caught in the window and was dragged about 15 feet, causing road rash and requiring five stitches.

Uber said the driver was removed, and noted that drivers are rqeuired to accommodate service animals.

Specal iPhone permission let Uber app see iPhone screen even when app not running

Security researcher Will Strafach found Uber’s app enjoying an unusual Apple iOS security permission not used by any other app. Called com.apple.private.allow-explicit-graphics-priority, this permission allowed Uber’s app to see what was on the user’s screen even if the Uber app was not active.

An Uber spokesperson explained the purpose of this security permission: “It was used for an old version of the Apple Watch app, specifically to run the heavy lifting of rendering maps on your phone & then send the rendering to the Watch app.” The spokesperson continued: “Apple gave us this permission years because Apple Watch couldn’t handle our maps rendering.”

Uber indicated that it used the entitlement only in version 8.2 of its app, and that a subsequent update from Apple fixed the memory issue for Apple Watch and made this workaround unnecessary.