Uber Removing Apple-Granted API That Could Have Let it Record a User’s iPhone Screen [Updated]

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 5, 2017.

  1. CarlJ, Oct 5, 2017
    Last edited: Oct 5, 2017

    CarlJ macrumors 68020


    Feb 23, 2004
    San Diego, CA, USA
    You quoted a post of mine where I said that Uber's explanation of their innocence in this matter sounded plausible in this case (I also mentioned they have a lengthy history of doing bad things, which is a matter of record), and you called it a knee-jerk reaction and said we should put down the torches.

    Do you know what the word plausible means? ("seeming reasonable or probable", in reference to Uber's explanation). How is that knee jerk? My other post in this thread was pointing out to a lot of folks who were gleefully grabbing pitchforks, that we don't know the whole story yet. You have the right idea, but watch where you're shooting. We're both on the side of reason.

    (It's sad to see that the highest ranked posts are all the pitchfork-wielding posts - apparently because getting righteously indignant is fun and easy, and doesn't require facts.)
  2. pika2000 macrumors 68030

    Jun 22, 2007
    Gizmodo trying to make headlines. *yawn

    Everything is only a maybe, for something that is not even applicable anymore.
  3. The Barron macrumors regular

    Mar 5, 2009
    Uber has turned into the way NOT to run a business! Lyft or a taxi are the only services to consider if you must take a car.
  4. miniyou64 macrumors 6502


    Jul 8, 2008
    What? Uber is a fantastic company with great service
  5. MacsRgr8 macrumors 604


    Sep 8, 2002
    The Netherlands
    Where does capitalism end and where does corruption start in business?

    Apple doesn't "believe" in privacy and security as "rights". Life is no Disney movie.
    Apple "sells" privacy and security as a "feature" and uses these so called "rights" as a marketing tool.

    Like a professional sports-player who "loves" the club he is working for at the time. More money offered? He will "love" the next club.
  6. MH01 macrumors G4


    Feb 11, 2008
    Apple approved the API, which years later a security "analyst" concluded "could" be used to achieve "x" ...... ummm how exactly is this Uber's fault?
    --- Post Merged, Oct 5, 2017 ---
    So.....if you have an cheap iPhone with google services and an uber app.... approved.... it's okay?
  7. SteveBlobs macrumors member

    Jan 29, 2013
    Uber is the worst. They treat their drivers like crap. They evade the law. Their founder was a jerk. There is rampant sexual harassment at the company. Why would we ever trust them that they aren't spying on us? Vote with your wallet and use Lyft or take a cab. Also, shame on Apple for granting them this permission.
  8. gwaizai macrumors member


    Aug 8, 2016
    See, they are all our enemies. Even Apple.
  9. thadoggfather macrumors 604


    Oct 1, 2007
    very good point.

    Apple is also supposed to be on the side of the customer when it comes to privacy.

    Not opening up the floodgates like their direct competitor does..


    still not as bad, but re-confirms that Apple 'doubling down' on privacy is partially true, but also partially PR and BS

    I *hate* that location services can only be set to 'never' or 'always' for Uber app

    HOW ABOUT 'while using' and allow no exceptions, Apple? Since an app with this functionality by no means always has to be running especially while not in use. 'Always' is super shady and not what I'm trying to do nor for battery life purposes

    And WHY is Uber REMOVING the APPLE granted feature?

    How about APPLE removing the feature that 'slipped' through the cracks even tho it wouldn't since Uber is a popularly downloaded, and high profile app/service? Weird situation,
  10. himanshumodi macrumors regular


    May 18, 2012
    Agree. This needs to be established. And without including this statement, the current article can be called inflammatory in nature. Look at how the people are riled up. It would be nice for Apple to clarify on the kind of "entitlements" it gives to developers and make a statement on this particular entitlement.

    Also, passwords COULD NOT have been stolen as long as they were starred-out, since they could be deduced only by analyzing screen captures. So if people have not checked the "show password" box, the possibility of passwords leaking doesn't exist.
  11. DCIFRTHS macrumors 6502a


    Jan 25, 2008
    When it comes to an API that could be used nefariously, there should be NO trust. Apple is clearly at fault here, and should respond publicly.
    --- Post Merged, Oct 5, 2017 ---
    It makes me trust Apple less now. Did it really work?
  12. Lone Deranger macrumors 65816

    Lone Deranger

    Apr 23, 2006
    Looks like Tim Cook has got some explaining to do (yet again).
  13. cfc macrumors regular

    May 27, 2011
    As a developer who has spent almost 3 years working around Apple's limited API for Maps on the watch (to the extent that I eventually wrote my own vector maps) it is pretty annoying to see that Apple have been giving extra functionality to the bigger players.

    I know that Apple invite the big companies to Cupertino for extra help, and also feature them more often on the App Store (both of which are understandable) but I didn't realise that they also allowed them access to more functionality. I naively assumed that the technological playing field was level regardless of the size of the company.

    It will be interesting to see exactly what access they were granted. I have never used the Uber watch app. Did it show moving maps or were they static?
  14. Glassed Silver macrumors 68020

    Glassed Silver

    Mar 10, 2007
    Kassel, Germany
    There's obviously two classes of devs on iOS.

    The existence of this special treatment shows very well the too tight restrictions of iOS/watchOS.

    Either way, this being out and resolved soon doesn't change the fact that the Uber app will NEVER touch any of my devices. That's before I even consider the company itself. Yuck!

    A lucky day when they lose all of their marketshare!

    Glassed Silver:ios
  15. Bacillus, Oct 6, 2017
    Last edited: Oct 6, 2017

    Bacillus macrumors 65816


    Jun 25, 2009
    If you find an enforced Uber PR-statement plausible, you probably never rationalized or backtraced their continuous stream of outward lies.
    Tying yourself to their credibility and track record, says more about yours (...)
    You could zoom into something that tried to resemble a map.
    More compelling is that you can do that anyway - without that privAPI that grants Uber.app background access to anything else.
    Tim Cook crossed the (sandbox-) red line - and that's is terribly against anything he stands for.
    Privacy is being sold => that is inexcusable. Period.
  16. IG88 macrumors regular


    Nov 4, 2016
    Yeah it’s hard to believe that Apple would just freely hand out an API like that without getting something in return.

    It would seem that Cook was so desperate for big name Watch developers that he’d have sold his own mother into slavery as long as your app worked well on the watch.
  17. whooleytoo macrumors 603


    Aug 2, 2002
    Cork, Ireland.
    Yeah, sounds like a complete non-story to me.

    Uber had an API that could have been used to invade a user's privacy/security. So what? So could almost any application you've installed on your Mac, PC, phone or tablet. The only question is did they misuse it, and we don't know.

    What's more bizarre is Apple - who have a good reputation for at least trying to protect users' privacy & security - gave them the entitlement.
  18. mw360 macrumors 65816


    Aug 15, 2010
    The source article at Gizmodo admits "it’s possible that Apple sandboxed the entitlement to prevent it from accessing data outside Uber’s app" which lets all the air out of the story if you ask me. How about we wait until Gizmodo get their sh** together before flying off the handle.
  19. Glideslope macrumors 601


    Dec 7, 2007
    Gizmodo is not capable of even yawning. :apple:
  20. canadianreader macrumors 6502


    Sep 24, 2014
    A bad company is a collection of bad people and if Uber is bad and have no ethics (it looks that way) then all those bad souls will gravitate around it and work for it.
  21. Futurix macrumors 6502


    Nov 22, 2011
    How do you know they don't?
    They usually are very controlling about exceptional access like this.
  22. Dan From Canada macrumors member

    Jul 19, 2016
    How on earth could Apple have been so irresponsible?

    They make all kinds of noise about not helping the FBI get info on a terrorists iPhone but they grant a backdoor to one of the dirtiest/shadiest companies on earth?

    Apple is truly becoming all about the money.
  23. Chupa Chupa macrumors G5

    Chupa Chupa

    Jul 16, 2002
    Which conclusion are we jumping to? That Apple gave Uber the defective API? That the API had potential to disclose sensitive information? The major point here is users trust Apple to keep its OSes reasonably secure. Especially in this case where Apple is anointing a particular developer with extraordinary capabilities doesn't Apple have a duty to make sure that API is locked down tight before handing it out? Is that such a way out thought?
  24. ravenstar macrumors member

    Jan 12, 2005
    Typing a password provides on-screen feedback as the keys are pressed. If the frame buffer can be captured while that's happening, the key sequence can be read. But it's not clear Uber had that capability if the entitlement was sandboxed.
  25. kdarling macrumors demi-god


    Jun 9, 2007
    First university coding class = 46 years ago
    The conclusion that you and others are jumping to, is that Apple did NOT restrict the API to Uber's own screens (seems likely) and/or that they did NOT thoroughly vet the app itself (less likely).

    That said, some of Apple's privacy policies have relied on voluntary compliance. Remember the button that turned off ad ID tracking? All it did was set a software flag to alert the developer that they shouldn't use it. It didn't actually hide the ID.

Share This Page