"Only" the data? That's precisely what the previous poster claimed you could see. But go ahead, explain how you can determine if the Uber app transmits location information without being able to decrypt the data.
But you can SEE the data. He never said you could READ the data...lol He said you could see exactly what server is requesting it and where it's being sent to, which is entirely true whether encrypted or not. Regardless whether you can read the data, you'd still be able to see it, where it's going to/from, and over what period of time. Certainly more than enough information to determine if they are doing anything for more than 5 minutes or not. If you want a real simple explanation on how you'd read SSL requests from your device, use SSL proxying, which acts as a basic MITM attack. I've used it extensively for reverse engineering APIs behind SSL, and with programs like Charles, it's a breeze to do for any lay person.
You are playing word games. An app that has been closed can be triggered to run in the background without the user knowing it.
I'm really not though. Show me any app that can run in the background without the user knowing it or one that can send data without running. If Apple allowed such functionality, the AppStore would be flooded with spyware. I actually made such an app once using private APIs, hid the app icon, and looped silent audio to keep it running in the background. Only ran on jailbroken devices and some guy wanted it to spy on his kids and make it lock out their screen with a big red button to call him while blasting an alarm if they didn't answer a call from him. Worked pretty good, but there was no way it was getting in the AppStore.
This is false. The "While Using" option prevents apps that are not in the foreground from accessing location information.
Nope. All you have to do is register background services for location data and background app refresh and it can use location data while running in the background with "In Use" auth. The API docs are just confusing because it says "In USe" auth is only for foreground, but you need to research and read further to see that it actually allows background services, just not by default. Just look at Google Maps. It'll even put a nice blue bar at the top of the screen to let the user know it's using location services in the background. As I said previously, this is actually the way Apple currently recommends monitoring location data in the background with "In Use" auth.