Uber Removing Apple-Granted API That Could Have Let it Record a User’s iPhone Screen [Updated]

[CarlJ]

Look at the knee-jerk reaction from posters.
...
Put down the pitchforks until we know more.

You quoted a post of mine where I said that Uber's explanation of their innocence in this matter sounded plausible in this case (I also mentioned they have a lengthy history of doing bad things, which is a matter of record), and you called it a knee-jerk reaction and said we should put down the torches.

Do you know what the word plausible means? ("seeming reasonable or probable", in reference to Uber's explanation). How is that knee jerk? My other post in this thread was pointing out to a lot of folks who were gleefully grabbing pitchforks, that we don't know the whole story yet. You have the right idea, but watch where you're shooting. We're both on the side of reason.

(It's sad to see that the highest ranked posts are all the pitchfork-wielding posts - apparently because getting righteously indignant is fun and easy, and doesn't require facts.)

 

[pika2000]

Gizmodo trying to make headlines. *yawn

Everything is only a maybe, for something that is not even applicable anymore.

 

[The Barron]

This company is constantly involved in scandal. I don't know why Apple deals with it. They are dishonest, they have no integrity. Ban them.

Uber has turned into the way NOT to run a business! Lyft or a taxi are the only services to consider if you must take a car.

 

[miniyou64]

Uber has turned into the way NOT to run a business! Lyft or a taxi are the only services to consider if you must take a car.

What? Uber is a fantastic company with great service

 

[MacsRgr8]

Corruption is everywhere you look these days, damn shame.

Where does capitalism end and where does corruption start in business?

Apple doesn't "believe" in privacy and security as "rights". Life is no Disney movie.
Apple "sells" privacy and security as a "feature" and uses these so called "rights" as a marketing tool.

Like a professional sports-player who "loves" the club he is working for at the time. More money offered? He will "love" the next club.

 

[MH01]

This company is constantly involved in scandal. I don't know why Apple deals with it. They are dishonest, they have no integrity. Ban them.

Apple approved the API, which years later a security "analyst" concluded "could" be used to achieve "x" ...... ummm how exactly is this Uber's fault?
[doublepost=1507267671][/doublepost]

Don't worry. Uber is 100% safe. And Google doesn't spy on it's users.

So.....if you have an cheap iPhone with google services and an uber app.... approved.... it's okay?

 

[SteveBlobs]

Uber is the worst. They treat their drivers like crap. They evade the law. Their founder was a jerk. There is rampant sexual harassment at the company. Why would we ever trust them that they aren't spying on us? Vote with your wallet and use Lyft or take a cab. Also, shame on Apple for granting them this permission.

 

[gwaizai]

See, they are all our enemies. Even Apple.

 

[thadoggfather]

Apple is the one that gave them this capability. I am more upset with Apple than Uber. Was anyone told Uber was recording all actions on the device thanks to Apple?

Yet folks are upset with Uber??? Seems like Apple is in the wrong here...

very good point.

Apple is also supposed to be on the side of the customer when it comes to privacy.

Not opening up the floodgates like their direct competitor does..

ugh

still not as bad, but re-confirms that Apple 'doubling down' on privacy is partially true, but also partially PR and BS


I *hate* that location services can only be set to 'never' or 'always' for Uber app

HOW ABOUT 'while using' and allow no exceptions, Apple? Since an app with this functionality by no means always has to be running especially while not in use. 'Always' is super shady and not what I'm trying to do nor for battery life purposes


And WHY is Uber REMOVING the APPLE granted feature?

How about APPLE removing the feature that 'slipped' through the cracks even tho it wouldn't since Uber is a popularly downloaded, and high profile app/service? Weird situation,

 

[himanshumodi]

I looked at the Gizmodo article. Here's where I stopped reading...

"Alternatively, it’s possible that Apple sandboxed the entitlement to prevent it from accessing data outside Uber’s app."

That Apple built in safeguards to prevent abuse is exactly the first thing I though of. Shame nobody else wants to find out that part before getting all fired up.

Agree. This needs to be established. And without including this statement, the current article can be called inflammatory in nature. Look at how the people are riled up. It would be nice for Apple to clarify on the kind of "entitlements" it gives to developers and make a statement on this particular entitlement.

Also, passwords COULD NOT have been stolen as long as they were starred-out, since they could be deduced only by analyzing screen captures. So if people have not checked the "show password" box, the possibility of passwords leaking doesn't exist.

 

[DCIFRTHS]

To be clear, I don't like Uber, I think they've done horrible things. But it seems like a lot of people are reading "could have used this API to..." and conveniently ignoring the "could have" and treating this as proof that they did use the API in the way proposed by the security researchers. I've seen no evidence that warrants this leap to judgement. Unless you just really like pitchforks. There's enough things to get upset about that Uber has done. No need to get upset at hypotheticals, unless/until they are proved true.

When it comes to an API that could be used nefariously, there should be NO trust. Apple is clearly at fault here, and should respond publicly.
[doublepost=1507273048][/doublepost]

Bleeding edge applications are supported by Apple to establish a "killer app". It worked.

It makes me trust Apple less now. Did it really work?

 

[Lone Deranger]

Looks like Tim Cook has got some explaining to do (yet again).

 

[cfc]

As a developer who has spent almost 3 years working around Apple's limited API for Maps on the watch (to the extent that I eventually wrote my own vector maps) it is pretty annoying to see that Apple have been giving extra functionality to the bigger players.

I know that Apple invite the big companies to Cupertino for extra help, and also feature them more often on the App Store (both of which are understandable) but I didn't realise that they also allowed them access to more functionality. I naively assumed that the technological playing field was level regardless of the size of the company.

It will be interesting to see exactly what access they were granted. I have never used the Uber watch app. Did it show moving maps or were they static?

 

[Glassed Silver]

There's obviously two classes of devs on iOS.

The existence of this special treatment shows very well the too tight restrictions of iOS/watchOS.

Either way, this being out and resolved soon doesn't change the fact that the Uber app will NEVER touch any of my devices. That's before I even consider the company itself. Yuck!

A lucky day when they lose all of their marketshare!

Glassed Silver:ios

 

[Bacillus]

You quoted a post of mine where I said that Uber's explanation of their innocence in this matter sounded plausible in this case (I also mentioned they have a lengthy history of doing bad things, which is a matter of record), and you called it a knee-jerk reaction and said we should put down the torches.

Do you know what the word plausible means? ("seeming reasonable or probable", in reference to Uber's explanation). How is that knee jerk? My other post in this thread was pointing out to a lot of folks who were gleefully grabbing pitchforks, that we don't know the whole story yet. You have the right idea, but watch where you're shooting. We're both on the side of reason.

(It's sad to see that the highest ranked posts are all the pitchfork-wielding posts - apparently because getting righteously indignant is fun and easy, and doesn't require facts.)

If you find an enforced Uber PR-statement plausible, you probably never rationalized or backtraced their continuous stream of outward lies.
Tying yourself to their credibility and track record, says more about yours (...)

As a developer who has spent almost 3 years working around Apple's limited API for Maps on the watch (to the extent that I eventually wrote my own vector maps) it is pretty annoying to see that Apple have been giving extra functionality to the bigger players.

I know that Apple invite the big companies to Cupertino for extra help, and also feature them more often on the App Store (both of which are understandable) but I didn't realise that they also allowed them access to more functionality. I naively assumed that the technological playing field was level regardless of the size of the company.

It will be interesting to see exactly what access they were granted. I have never used the Uber watch app. Did it show moving maps or were they static?

You could zoom into something that tried to resemble a map.
More compelling is that you can do that anyway - without that privAPI that grants Uber.app background access to anything else.
Tim Cook crossed the (sandbox-) red line - and that's is terribly against anything he stands for.
Privacy is being sold => that is inexcusable. Period.

 

[IG88]

If you find an enforced Uber PR-statement plausible, you probably never rationalized or backtraced their continuous stream of outward lies.
Tying yourself to their credibility and track record, says more about yours (...)

You could zoom into something that tried to resemble a map.
More compelling is that you can do that anyway - without that privAPI that grants Uber.app background access to anything else.
Tim Cook crossed the (sandbox-) red line - and that's is terribly against anything he stands for.
Privacy is being sold => that is inexcusable. Period.

Yeah it’s hard to believe that Apple would just freely hand out an API like that without getting something in return.

It would seem that Cook was so desperate for big name Watch developers that he’d have sold his own mother into slavery as long as your app worked well on the watch.

 

[whooleytoo]

Put down the pitchforks. This is an Apple-granted entitlement.

Yeah, sounds like a complete non-story to me.

Uber had an API that could have been used to invade a user's privacy/security. So what? So could almost any application you've installed on your Mac, PC, phone or tablet. The only question is did they misuse it, and we don't know.

What's more bizarre is Apple - who have a good reputation for at least trying to protect users' privacy & security - gave them the entitlement.

 

[mw360]

Tim Cook crossed the (sandbox-) red line - and that's is terribly against anything he stands for.
Privacy is being sold => that is inexcusable. Period.

The source article at Gizmodo admits "it’s possible that Apple sandboxed the entitlement to prevent it from accessing data outside Uber’s app" which lets all the air out of the story if you ask me. How about we wait until Gizmodo get their sh** together before flying off the handle.

 

[Glideslope]

Gizmodo trying to make headlines. *yawn

Everything is only a maybe, for something that is not even applicable anymore.

Gizmodo is not capable of even yawning.

 

[canadianreader]

A bad company is a collection of bad people and if Uber is bad and have no ethics (it looks that way) then all those bad souls will gravitate around it and work for it.

 

[Futurix]

If Apple is issuing the "entitlement", why aren't they also vetting its use?

How do you know they don't?
They usually are very controlling about exceptional access like this.

 

[Dan From Canada]

How on earth could Apple have been so irresponsible?

They make all kinds of noise about not helping the FBI get info on a terrorists iPhone but they grant a backdoor to one of the dirtiest/shadiest companies on earth?

Apple is truly becoming all about the money.

 

[Chupa Chupa]

I guess jumping to conclusions is the cool thing these days!

Which conclusion are we jumping to? That Apple gave Uber the defective API? That the API had potential to disclose sensitive information? The major point here is users trust Apple to keep its OSes reasonably secure. Especially in this case where Apple is anointing a particular developer with extraordinary capabilities doesn't Apple have a duty to make sure that API is locked down tight before handing it out? Is that such a way out thought?

 

[ravenstar]

Also, passwords COULD NOT have been stolen as long as they were starred-out, since they could be deduced only by analyzing screen captures. So if people have not checked the "show password" box, the possibility of passwords leaking doesn't exist.

Typing a password provides on-screen feedback as the keys are pressed. If the frame buffer can be captured while that's happening, the key sequence can be read. But it's not clear Uber had that capability if the entitlement was sandboxed.

 

[kdarling]

Which conclusion are we jumping to? That Apple gave Uber the defective API? That the API had potential to disclose sensitive information? The major point here is users trust Apple to keep its OSes reasonably secure. Especially in this case where Apple is anointing a particular developer with extraordinary capabilities doesn't Apple have a duty to make sure that API is locked down tight before handing it out? Is that such a way out thought?

The conclusion that you and others are jumping to, is that Apple did NOT restrict the API to Uber's own screens (seems likely) and/or that they did NOT thoroughly vet the app itself (less likely).

That said, some of Apple's privacy policies have relied on voluntary compliance. Remember the button that turned off ad ID tracking? All it did was set a software flag to alert the developer that they shouldn't use it. It didn't actually hide the ID.