Upwork mobile app secret
Source: Dev.to
Introduction to the problem
After consulting many times on unblocking Upwork accounts, I noticed the same location‑change trigger pattern in all of them. Most of the time it was a mobile‑app issue. Even if you are logged out, the Upwork app can run in the background and continue to send data, which is why you may still receive push notifications.

The scariest part isn’t what the app collects—it’s that it does so even when you never open it.
Data the app may collect
When I was a Product Manager at Appflow.ai we identified a set of default data that any app can gather on first launch:
- first_open_time: timestamp of first open
- advertiser_id: Apple’s IDFA or Google’s Advertising ID
- device_id: device identifier
- app_user_id: app‑specific user ID
- os: Android or iOS
- os_ver: operating‑system version
- app_ver: app version at first open
- device_model: model name
- device_brand
- locale
- tz_abv: timezone abbreviation
- carrier
- country
- language
- screen_width/screen_height
- screen_density
- remote_ip: IP address of first open
- tracker_id: Appflow tracker ID
- acquisition_source: traffic source that acquired the user
The Upwork mobile app collects the same signals, and it does not require explicit GPS permission to obtain location‑related data.
App ≠ browser
In a web browser Upwork mainly relies on IP address and basic session signals.
The mobile app, however, receives a much broader set of device and environment signals—many of which are far more stable than IP. Even without GPS permission, the app can infer location from:
- IP address (e.g., “Poland”)
- SIM country (e.g., “Ukraine”)
- Timezone (e.g., GMT+2)
- Nearby cell towers
When these signals conflict, Upwork flags the activity as anomalous.
Mobile internet
Mobile operators often use shared IP pools and dynamic routing, causing IP addresses to change frequently—sometimes within minutes. From the user’s perspective nothing changes, but Upwork sees the same device appearing in different network locations in a short period, which looks like “teleportation”.
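The two situations described above, location signals that disagree within one event and the same device changing network location within minutes, can be modelled as a simple consistency check. This is an added example, not Upwork's code or logic: the event fields, the UTC-offset table, the one-hour window and the sample events are all constructed assumptions.

```python
from typing import NamedTuple

# Constructed table: plausible UTC offsets (hours) per country. Illustrative only.
COUNTRY_UTC_OFFSETS = {"PL": {1, 2}, "UA": {2, 3}, "DE": {1, 2}}

class Event(NamedTuple):          # hypothetical event shape
    device_id: str
    ts: int                       # seconds since epoch
    ip_country: str               # geolocated from the remote IP
    sim_country: str              # from SIM / carrier
    utc_offset: int               # device timezone, in hours

def signal_conflicts(e):
    """Location signals within one event that disagree with each other."""
    reasons = []
    if e.ip_country != e.sim_country:
        reasons.append(f"ip_country={e.ip_country} != sim_country={e.sim_country}")
    allowed = COUNTRY_UTC_OFFSETS.get(e.ip_country)
    if allowed is not None and e.utc_offset not in allowed:   # unknown country: no verdict
        reasons.append(f"utc_offset={e.utc_offset:+d} implausible for {e.ip_country}")
    return reasons

def teleports(events, window_s=3600):
    """Consecutive events of one device whose IP country changes within window_s."""
    hits, last = [], {}
    for e in sorted(events, key=lambda x: x.ts):
        prev = last.get(e.device_id)
        if prev is not None and prev.ip_country != e.ip_country and e.ts - prev.ts <= window_s:
            hits.append((prev, e))
        last[e.device_id] = e
    return hits

def review(events):
    """Map each flagged device_id to the reasons it was flagged."""
    flagged = {}
    for e in events:
        for r in signal_conflicts(e):
            flagged.setdefault(e.device_id, []).append(r)
    for a, b in teleports(events):
        flagged.setdefault(a.device_id, []).append(
            f"ip_country {a.ip_country}->{b.ip_country} in {b.ts - a.ts}s")
    return flagged

SAMPLE = [                                    # constructed events
    Event("dev-A", 1000, "PL", "UA", 2),      # the page's case: IP Poland, SIM Ukraine, GMT+2
    Event("dev-B", 1000, "DE", "DE", 1),
    Event("dev-B", 1600, "PL", "DE", 1),      # same device, new IP country 10 minutes later
    Event("dev-C", 1000, "DE", "DE", 2),      # consistent signals, not flagged
]
```

Calling `review(SAMPLE)` flags dev-A for the IP/SIM mismatch alone, even though its timezone is plausible for the IP country, and flags dev-B for both a mismatch and a country change within the window.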
Device fingerprint
The app builds a comprehensive device fingerprint that includes:
- Device characteristics (model, brand)
- OS version and app version
- Locale and timezone
- Carrier and network patterns
- Permission states
- Long‑term behavioral and lifecycle patterns
These signals together create a highly stable profile. If that profile suddenly appears in multiple countries, or if it matches a profile previously associated with flagged activity, Upwork treats it as a high‑risk signal.
Why this is especially dangerous now
Upwork has increased automated checks, and manual support rarely investigates deeply. Appeals are evaluated based on flags rather than detailed explanations. If the system decides you violated a policy, you have limited ability to prove otherwise without access to internal logs.
Summary
The mobile app adds extra risk—not because it’s “spyware,” but because it gathers many stable signals that can conflict and trigger automated blocks. Logging out of the app does not stop the background activity.
Recommendations
- Do not keep the Upwork mobile app installed.
- Avoid mobile internet when accessing Upwork.
- Do not mix web and app sessions.
- When traveling, keep the app uninstalled or disabled.
For the safest experience, use a web browser on a stable internet connection.