if Apple did not modify the API to sandbox it, then that removes half of my giving Apple the benefit of the doubt, and lends some support to those I've been debating with.
Well, that's exactly what we don't know—was this sandboxed? I'm guessing, it probably was.
Also, most researchers also hack on jailbroken devices so there's going to be differences there. App Store apps also can't necessarily run in background so even if Uber had access, they couldn't do anything with it. You'd want to be able to stealthily record on demand. Since iOS 9, Apple has also blocked sysctl that let apps read what other processes were running. So any articles that claim about "spying" on Lyft drivers if they had the app installed is bogus.
If Uber were really spying/recording users, the app would have to:
a) run in the background for an extended period of time (not that easy to do)
b) record the screen (which is a pretty intensive process)
c) save that data in its own app space (that could get big quickly)
d) compress the data somehow (so it takes less time to transmit)
e) send that data off somewhere (again, seems unlikely)
If you don't do e), everything else is really moot. I'd imagine it'd be pretty easy to see how much data Uber would be transmitting. Also Uber is not Google NOR the NSA: I don't think they could even handle every piece of data that would even come in.
So, let's say Uber WAS really doing this. There's really 2 sides to security: is it feasible and is it practical? It certainly SEEMS technical possible to phone home and record user's screens.
However practically speaking, it would likely not really be all that feasible. Uber is super shady. But not shady enough to get around most iOS and networking limitations.