Upwork mobile app secret

After many times I was consulting about unblocking Upwork accounts, I faced the same location change trigger pattern for all of the accounts. And long story short - it was a mobile app problem most of the times. Even if you are logged out from Upwork app, the app os running on the background as a spy. Even more, maybe you noticed, you may still be receiving push notifications. The scariest part is not what the app collects.
The scariest part is when it does it. You don’t have to open the app. You don’t have to log in. You don’t even have to touch Upwork that day. Data app may collect: I remembered, when I was working for Appflow.ai as a Product Manager, we were collecting the default data from any app. And the Upwork mobile app works exactly the same way. It doesn’t need GPS permission. The main thing people don’t understand is that the Upwork mobile app is not the same as the browser. In a browser, Upwork mostly relies on IP and basic session-level signals.
In the mobile app, Upwork receives a much wider set of device and environment signals- and many of them are far more stable than IP. Even if you never gave explicit GPS permission, the app still gets location-related signals. So when the system sees something like: IP saying “Poland”, SIM saying “Ukraine”, timezone GMT+2, cell towers somewhere near the border, that’s already a risky anomaly. Mobile internet makes this situation much worse. Mobile operators use shared IP pools and dynamic routing.
As a result, your IP address may change frequently, sometimes within minutes. From the user’s perspective, nothing unusual is happening.
From the system’s perspective, the same device suddenly appears in different network locations within a short period of time. Teleport? The most dangerous part is the device fingerprint. Once, I was watching an Upwork Product Manager interview, who touched this topic a bit. The app doesn’t just see a network connection. It sees the device as an environment. This includes a combination of signals such as: device characteristics, OS version, app version, locale and timezone, carrier and network patterns, permission states, and long-term behavioral and lifecycle patterns. Almost all I mentioned as a data assets collected. Together, they form a highly stable device profile. This profile is far more stable than an IP address. The network changes. The device profile mostly probably doesn’t. And when the same device profile suddenly appears in different countries within a short time window, that’s a risk signal. +If a similar device profile was previously associated with flagged or banned activity, that can also increase risk. Why is this especially dangerous now? Because Upwork has grew automated checkups. Manual support rarely investigates deeply. Appeals are evaluated by flags, not by your explanations. If the system decided you violated something,
you’re trying to prove otherwise without even an access to logs. Summary
The mobile app is an extra risk - not because it’s “spyware”, but because it sees more signals, those signals often contradict each other, and Upwork’s systems are not built to handle unstable countries well. Log out won't help. So I recommend: do not keep the mobile app installed at all:)
do not rely on mobile internet
do not mix web + app sessions
do not travel with the app active or installed at all:)
Wanna be safe? Web browser usage + stable internet. Templates let you quickly answer FAQs or store snippets for re-use. Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse - first_open_time: first open time
- advertiser_id: Apple's Advertising Identifier (IDFA) or Google Android's advertising ID.
- device_id: device id
- app_user_id: app user id
- os: Android, iOS
- os_ver: os version
- app_ver: app version of first open
- device_model: device model name
- device_brand:
- tz_abv: timezone abbreviation
- screen_width:
- screen_height:
- screen_density:
- remote_ip: ip address of first open
- tracker_id: appflow tracker id
- acquisition_source: acquired this user from which traffic source