top | item 36906252

(no title)

58x14 | 2 years ago

Years ago I tried to install and sign up for Turo on iOS to rent out a car I owned. It was a luxury car with a rebuilt title.

After I put in the VIN of the car, I received an error, and inexplicably I was banned from the app. No notification as to why, no "we don't accept rebuilt title vehicles," nothing. Naturally I scoffed, deleted the app and forgot about it.

Last year a friend rented a few cars on Turo for a trip and added me as a driver to one of them. I had switched phone numbers but kept the same phone. I downloaded Turo again and signed up with a new phone number and new email.

Before Turo even asked for my driver's license information, I was blocked again. It must be due to fingerprinting, which persisted over years.

I'm unsure how much apps can learn about your user profile, other apps you have installed, and other uniquely identifiable data. I've assumed it was limited, but perhaps I've been naive.

I guess these new rules are generally good? But I can imagine for every nefarious usage of these APIs, there can be a plausible cover reason...

discuss

bbatsell|2 years ago

Since you kept the same phone, that was probably DeviceCheck, which gives you 2 bits to store “fraud” related flags.

https://developer.apple.com/documentation/devicecheck/access...

josephcsible|2 years ago

Why does Apple let your device work against your own interests? If an app developer wants your phone to detect you committing "fraud", that should be their problem.

computator|2 years ago

> probably DeviceCheck, which gives you 2 bits to store “fraud” related flags

Does resetting your iPhone (Erase All Content and Settings) clear out data like that?

Does doing a restore from backup put that data back on your iPhone?

kccqzy|2 years ago

Is that basically serving the same purpose as Android's SafetyNet attestation?

loumf|2 years ago

It could have been simply some data put in the keychain. That persists through app deletion.

BillinghamJ|2 years ago

It used to. They have largely changed that now - all data is deleted once the last app from a given vendor has been deleted (though it's not instant, and seems to apply weirdly on TestFlight + ad-hoc builds)

newZWhoDis|2 years ago

Keychain and DeviceCheck are likely how.

Apple needs to get their shit together with these two APIs.

Keirmot|2 years ago

There’s other ways. Like iCloud - you can store something on a private container and it will persist in the users Apple ID