Slashdot Mirror

← Back to Stories (view on slashdot.org)

Uber's iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen, Researchers Say (gizmodo.com)

Posted by msmash on from the stranger-things dept.

To improve functionality between Uber's app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user's iPhone screen, even if Uber's app was only running in the background, security researchers told news outlet Gizmodo. From a report: After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app. The screen recording capability comes from what's called an "entitlement" -- a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn't common and would require Apple's explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn't find any other apps with the entitlement live on the App Store. "It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach said. "Considering Uber's past privacy issues I am very curious how they convinced Apple to allow this."

91 comments

  1. Duh by Aighearach · · Score: 3, Insightful

    Apple users tolerate anything. Even things that protest/boycott over, they're willing to actually move up their purchase schedule when Apple responds to their demands by asking for more money.

    This is a well-trodden path.

    1. Re:Duh by Tablizer · · Score: 1

      Oh, and Google, MS, etc. are careful? Yeah right.

      Anyhow, we don't know Apple's side of the story yet. Knowing Uber, they probably used "social engineering" to sneak stuff past the Apple iGuards.

      --
      Table-ized A.I.
    2. Re:Duh by Anonymous Coward · · Score: 0

      Nah. For example, I don't tolerate Uber. I still can't believe people do business with that clown show.

    3. Re:Duh by Aighearach · · Score: 1

      Right, users of other brands have a much higher rate of switching to competing products when they report being very angry about the product.

      I used to use a wide range of google services, but after being forced to switch a few times when things got shut down, I use less and less of their services all the time, and I can be consistently relied on to not even try anything new they offer. No interest. And yet, I still do use gmail and couple other services.

      If you don't understand that there are differences in brand loyalty from one brand to the next, and that that often impacts the user experience, they do have books about that stuff. Spoiler: it doesn't end well for the consumer if the brand owner realizes they are excessively loyal.

    4. Re:Duh by Anonymous Coward · · Score: 0

      Compared to Google's stock keyboard that sends (to the mothership) a packet of 256 bytes in size 4000 a day ? (aka: the Google keylogger)

    5. Re:Duh by Bing+Tsher+E · · Score: 1

      There are dozens of keyboard alternatives on the Android App marketplace. I use the Hacker's Keyboard, which gives me cursor keys and all the control-alt-esc key sequences, on my Asus Android tablet.

      The default Android keyboards from Google or Samsung are deplorable.

      Does Apple even allow third party keyboards on iOS? It's been so long since I used iOS on anything.

    6. Re: Duh by Anonymous Coward · · Score: 0

      It only started with iOS 8 but yes, you can download third party keyboard from the App Store.

    7. Re: Duh by Anonymous Coward · · Score: 1

      But if the 3rd party doesn't log keystrokes back to Apple it doesn't get approved.

    8. Re: Duh by Anonymous Coward · · Score: 0

      Troll

    9. Re: Duh by Anonymous Coward · · Score: 0

      Truth. Keyboards have to use apple patented data stealing APIs

    10. Re: Duh by Anonymous Coward · · Score: 0

      Maybe apple didn't know until they heard about it on the best news site in the world, slashdot.

    11. Re:Duh by JohnFen · · Score: 1

      Anyhow, we don't know Apple's side of the story yet. Knowing Uber, they probably used "social engineering" to sneak stuff past the Apple iGuards.

      TFA contains a statement from Apple explaining that they intentionally granted this ability to to Uber app, and why.

    12. Re: Duh by Anonymous Coward · · Score: 0

      LOL you trolls are hilarious. I sniff all my traffic so I'm going to need a citation that apple is logging keystrokes and sending them to Apple. And no autocomplete and other bullshit doesn't counts

  2. Which app store? by Anonymous Coward · · Score: 0

    Did anyone check the NSA app store?

    1. Re: Which app store? by Anonymous Coward · · Score: 0

      AKA Google Play.

  3. Assholes ... by Anonymous Coward · · Score: 1

    Sorry, but Uber's business model is pretty much end to end "be colossal assholes, claim regulations don't apply, and keep being assholes".

    Sorry, but this isn't a company I would ever trust or do business with.

    Claiming you're a magical pony who isn't covered by laws doesn't make it true.

    1. Re:Assholes ... by ShanghaiBill · · Score: 5, Insightful

      Sorry, but Uber's business model is pretty much end to end "be colossal assholes ..."

      Of course. But the real issue is not that Uber is unethical (we already knew that) but that Apple gave them full access.

      If my landlord gave a burglar the key to my door, his behavior would be more noteworthy than the behavior of the burglar.

    2. Re:Assholes ... by Aighearach · · Score: 1

      Uber is so evil, it didn't even occur to me to care about the affect on their users/accomplices.

      The real story has to be Apple giving them permission, because Apple is not obviously evil. Normally the complaint of Apple haters is merely that it is overpriced, and walled gardens are for snobs, and not everybody likes snobs. Snobs are often looked down on, but also often looked up to; they are not obviously evil. So to have this sort of snake inside the garden might turn out to be a big deal. Especially if there are others.

    3. Re:Assholes ... by currently_awake · · Score: 4, Interesting

      I consider the bigger issue that Apple can bypass your security settings at will, with no notification. I don't know how legal this is, but we can assume police and intelligence agencies are currently making use of this because Apple spent money to MAKE this feature.

    4. Re:Assholes ... by Dog-Cow · · Score: 0

      What is being bypassed is an OS limitation, not a setting the user chose. You can slither back under your rock now.

    5. Re:Assholes ... by thegarbz · · Score: 4, Insightful

      bypass your security settings

      No you have this backwards. Apple owns the absolute control of your device. Any settings you have are gifted to you by them. They aren't bypassing your security, they simply aren't offering you security you want.

    6. Re:Assholes ... by Anonymous Coward · · Score: 0

      but that Apple gave them full access.

      Not full access. Not good, but not anything like your hyperbolic statement.

    7. Re:Assholes ... by Anonymous Coward · · Score: 0

      This. That's not even sarcastic, and some people will mistakenly read it as such. Any settings you have really are given to you by Apple: they are not rights.

      The GP was one of the most blithely stupid things I've read in a long time. Apple made the software, and you do not have access to the source code to see what really goes on inside. You consent to that arrangement by using their software. You consent explicitly when you click "agree" to that long thing you didn't read when you first got your iPhone and started it up and eagerly gave it all your account information and tied it to you with strong selectors like a credit card number and a telephone number.

      That said, Apple has earned a reputation for trying to protect users' privacy, enough so that it's surprising to see them granting this entitlement to Uber, which has quite the opposite reputation.

  4. Where's the limit with Uber on iOS? by eepok · · Score: 4, Insightful

    Apple tosses apps out of the app store for many reasons. Over the last 2-3 years, Uber's apps have shown to violate privacy and intentionally deceive regulators on a massive scale. Money aside (I know, that's asking a lot), how does Apple justify allowing them to continue to have an app in their app store?

    1. Re:Where's the limit with Uber on iOS? by Actually,+I+do+RTFA · · Score: 1

      how does Apple justify allowing them to continue to have an app in their app store?

      They're afraid of driving people to Android. At this point, Uber is so entrenched, that may happen. Now, that would be an excellent reason, if i were Apple, to push people to Lyft.

      --
      Your ad here. Ask me how!
    2. Re:Where's the limit with Uber on iOS? by BasilBrush · · Score: 1

      Pretty obviously because iPhone users want to be able to use Ubers.

    3. Re:Where's the limit with Uber on iOS? by squiggleslash · · Score: 1

      And Uber wants iPhone users to be its customers. I'd assume Uber has a mobile website by now, so if they can make that pinnable and assuming iPhone webapps allow notifications (I don't have an iPhone, so can't comment), there's no good reason for Uber to need a native app for iPhones.

      I don't think banning Uber from the App Store would have a significant impact on Apple. It would be more serious for Uber, effectively another highly publicized attack on its honesty, and a reduction in exposure.

      --
      You are not alone. This is not normal. None of this is normal.
    4. Re:Where's the limit with Uber on iOS? by 110010001000 · · Score: 1

      Gee I wonder why? Could it be that Uber is a top 20 app for iOS? What makes you think Apple cares about your privacy? You don't think they are logging what you do?

    5. Re:Where's the limit with Uber on iOS? by BasilBrush · · Score: 1

      A website experience would be poor vs a native app.
      It would likely be lacking in features, as there are things you can't do with a web site. And it would prevent using the Apple Watch.

      iPhone users want the Uber app. And there's no reason to stop them. They had a good reason to use an entitlement at the time, and now they don't need it any more they'll be removing it.

    6. Re:Where's the limit with Uber on iOS? by lerxstz · · Score: 1

      I looked into notifications for iPhone webapps somewhat recently, it is not *currently* possible. Sevice workers are in development but not currently available.

      --
      I chose to end my comments, not with a rim shot, but a long decaying F#7sus4
    7. Re:Where's the limit with Uber on iOS? by Anonymous Coward · · Score: 0

      Apple tosses apps out of the app store for many reasons. Over the last 2-3 years, Uber's apps have shown to violate privacy and intentionally deceive regulators on a massive scale. Money aside (I know, that's asking a lot), how does Apple justify allowing them to continue to have an app in their app store?

      Because their new CEO keeps his balls in his purse. The previous CEO put them on display for all to see. Big difference.

    8. Re:Where's the limit with Uber on iOS? by Anonymous Coward · · Score: 0

      And how much of that popularity is inflated by carriers forcing it to be an unremovable system app on their locked in phones? I don;t know about iOS, but that is definitely how Android works with the carriers.

  5. There goes Apple's reputation for security. by whoever57 · · Score: 2

    There goes Apple's reputation for security.

    I expect that there was money involved.

    Apple cares about security, as long as there is no way to make money out of making you insecure.

    The only real remedy for this is if Apple pushed out an IOS update that took away the ability for these hidden privileges to exist, but likely they won't because probably the main other user of them is Apple itself.

    --
    The real "Libtards" are the Libertarians!
    1. Re:There goes Apple's reputation for security. by Anonymous Coward · · Score: 0

      This is more about privacy than security.

    2. Re:There goes Apple's reputation for security. by JohnFen · · Score: 1

      Privacy and security are related. Privacy is a subset of security.

    3. Re:There goes Apple's reputation for security. by Anonymous Coward · · Score: 0

      apples legendary security is just that; a legend.

    4. Re:There goes Apple's reputation for security. by Anonymous Coward · · Score: 2, Interesting

      Oh fuck off Nancy. Are you seriously going to thrash Apple, when Google has been letting Android and its apps use you like a bitch for the past decade?

      I love how the blinders are up whenever horrible fucking practices are used by open source and Android developers, and suddenly you're outraged at Apple for what is probably a fuck up by an employee who didn't know better.

      Fuck this place and its users. What a bunch of narcissistic losers.

    5. Re:There goes Apple's reputation for security. by xlsior · · Score: 1

      Apple cares about security,

      They really don't -- all they are about is the perception of being secure ('you won't need antivirus on an apple'), but when you get right down to it they have been dragging their feet fixing known vulnerabilities in MacOS for years, and their software always scores poorly during pwn2own-style events.

    6. Re:There goes Apple's reputation for security. by Bing+Tsher+E · · Score: 1

      Are you angry? Why shoot the messenger? Apple and/or Uber are at fault here.

      I know, I know. Apple is "your team" and it's a rivalry match.

      Seriously, grow up.

    7. Re:There goes Apple's reputation for security. by Anonymous Coward · · Score: 0

      Privacy and security are related. Privacy is a subset of security.

      No, privacy is NOT a subset of security but rather overlap. You could have privacy without any security even though it is recommended. Use the correct word. Don't generalize or simplify it because it could mislead to some other things else.

    8. Re:There goes Apple's reputation for security. by Aussie · · Score: 1

      posting to undo moderation error

    9. Re:There goes Apple's reputation for security. by Anonymous Coward · · Score: 0

      So because one group of sociopaths is violating our privacy we shouldn't get upset when another group of sociopaths does the same thing? The point is we are pretty much screwed no matter what we do. The only winning move is not to play.

    10. Re:There goes Apple's reputation for security. by JohnFen · · Score: 1

      Are you seriously going to thrash Apple, when Google has been letting Android and its apps use you like a bitch for the past decade?

      Why not?

      If you're doing something wrong, whether or not others are just as bad or worse in no way excuses your actions.

  6. Bad engineering practices by JohnFen · · Score: 2

    It's sortof impressive how many times Uber apps have been found to contain questionable abilities that Uber claims they stopped using some time ago.

    For the sake of argument, let's assume that they are being truthful when they say these things. My response is: get your engineering house in order.

    Leaving dead code in your software is a terrible practice for a number of reasons. Don't wait until someone discover it's there before you remove it. Remove it as soon as you stop using it.

    1. Re:Bad engineering practices by cfalcon · · Score: 3, Insightful

      > For the sake of argument, let's assume that they are being truthful when they say these things. My response is: get your engineering house in order.

      It should be: demand that Apple remove Uber permanently from the app store. It doesn't matter if they stopped using, or never used, their backdoor exploit code (this is like the third one I think?), to actually do backdoor exploits. The mere fact that they designed it, developed it, and deployed it, means that they are actively evil from head to toe. The guy writing the screenlogger wasn't writing it because he never thought it would be used, his manager didn't ask for him to write it with the assumption that it would just be there *for no reason*, etc. The mere fact that they deployed it PERIOD means that they should be kicked right the hell out the door.

    2. Re:Bad engineering practices by JohnFen · · Score: 1

      Again, I'm giving Uber the benefit of the doubt for rhetorical purposes (I actually think that Uber is essentially a criminal organization who needs to be put out of business, but I'm setting that aside for the moment).

      Uber didn't say they put this in for no reason. The reason that they gave for implementing this is entirely plausible and, if that's all it was ever used for, hard to take exception with.

    3. Re:Bad engineering practices by Anonymous Coward · · Score: 0

      As someone who works in DevOps, if I wrote code that will never be used during a sprint and was a security hazard, in a few days, I'd be coming to work, find my badge doesn't work in the door, and security would tell me to GTFO, as the manager wouldn't even want to even look at my face for wasting his time and the team's time on stuff that would be bad PR.

      I already deal with 2 hour long stand-up meetings. Imagine justifying to everyone there why there was nefarious code put in, checked in, a pull request made, and it go through the CI/CD system. I'd probably be asked for my badge before the standup would be concluded.

    4. Re:Bad engineering practices by thegarbz · · Score: 1

      It's sortof impressive how many times Uber apps have been found to contain questionable abilities that Uber claims they stopped using some time ago.

      It's even more impressive that Apple hasn't booted them from the store because of this. Most other developers will be shown the door if Apple doesn't like the exact amount of grovelling they do to keep them from getting banned.

    5. Re:Bad engineering practices by Anonymous Coward · · Score: 0

      Uber asked Apple for the ability to access the API and Apple explicitly granted it to them.

      Now you want Apple to pull their app because Uber is using the API that Apple granted them permission to use?

      I think your outrage is misplaced.

  7. This is real bad by Anonymous Coward · · Score: 0

    My main reason for using Apple over Android is its strong security and privacy features. This incident has shaken my faith in Apple. Thankfully, I am not a victim as I don't use Uber.

    1. Re: This is real bad by Anonymous Coward · · Score: 5, Informative

      It's not as bad as it sounds.

      There was no way for the original apple watch to get maps on the phone. Apple allowed Uber to use a system function to take a screen recordings from the phone to send to the watch so it could show maps.

      Apple specially vetted the code source and inspected it with every update to make sure it was only taking and sending shots of map from Uber app.

      Basically you are already trusting apple for an enormous amount of things, this is just one more thing, you are trusting apple to sufficiently police the rare entitlements.

      However I agree it's seedy, and the app should need to request permission to record the screen just like for other access permissions. Apple seem to deliberately have done this on the down low.

    2. Re: This is real bad by Anonymous Coward · · Score: 1

      If Apple vetted the code then how come Uber was able to collect screenshots even when it was not running? It should have informed the user about the permission. I don't blindly trust Apple. I trust Apple that it will make right decisions and in this case, it failed me.

    3. Re: This is real bad by Kenja · · Score: 1

      It did inform users, there are three pages of app permissions. The Uber app has more or less full control over your phone.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    4. Re:This is real bad by Anonymous Coward · · Score: 1

      This incident has shaken my faith in Apple. Thankfully, I am not a victim as I don't use Uber.

      Not a victim of the announced leak, but what about the unannounced/undiscovered ones?

    5. Re: This is real bad by bug_hunter · · Score: 1

      It didn't take screenshots when not running.
      But the app had iOS's permission to do it.

      Apple vetted the code to make sure they didn't.

      As other's have said, this whole thing seems shady and unpleasant, but it doesn't look like this privilege was abused (though I'd rather they never had it in the first place).

      --
      It's turtles all the way down.
    6. Re:This is real bad by Anonymous Coward · · Score: 0

      What other apps do you use that has the "feature" discussed here? One written by the NSA or other three letter agency.

    7. Re: This is real bad by Anonymous Coward · · Score: 0

      Why is why it never will be installed on my device. Lyft and other places are cheaper anyway.

    8. Re: This is real bad by Anonymous Coward · · Score: 0

      If Apple vetted the code then how come Uber was able to collect screenshots even when it was not running?
      Not clear that that Uber actually could or did. The article is merely speculation that an app with read-from-framebuffer entitlement/permissions could potentially do screen captures, not that the Uber app actually did.

      If this entitlement could only be used by source code reviewed by Apple, then yes, it doesn't sound so bad. (I'm not familiar enough with Entitlements in Mac/IOS to know.)

      From article: "Strafach noted that he looked for indications that the entitlement had been used maliciously and found none."

    9. Re: This is real bad by Anonymous Coward · · Score: 0

      Really... Is the secret explicit entitlement permission list. If so then the user is to blame. If not its apple fault.

    10. Re: This is real bad by BasilBrush · · Score: 1

      You don't know what you are taking about. iOS does not list permissions. You are thinking of Android.

    11. Re: This is real bad by Anonymous Coward · · Score: 0

      Because have permission to and actually doing it are two different things.

      Root access is able to do anything, doesn't mean every single Peruvian running as root suddenly can do everything.

      Hopefully this makes apple wake and allow user consent for these "entitlements" but it's not as bad as people aware making out.

    12. Re: This is real bad by JohnFen · · Score: 1

      Because have permission to and actually doing it are two different things.

      True, but from a security point of view, you must assume that if an app has permission to do something, it is doing it.

    13. Re: This is real bad by Anonymous Coward · · Score: 0

      Um, what? You don't have to "assume" anything if you can view the source code, which Apple could.

    14. Re: This is real bad by JohnFen · · Score: 1

      And Apple did. But I'm talking about the end user, not the vendor.

  8. This is just the sort of collusion by Anonymous Coward · · Score: 0

    This is just the sort of collusion that I have come to expect from Apple - colluding with the other members of the corporate oligarchy to violate your rights and steal your information.

    1. Re:This is just the sort of collusion by Anonymous Coward · · Score: 0

      Good point. Its not like it hasn't happened before with ebooks.

  9. Curious how they convinced Apple? by redshirt · · Score: 1

    It's called money, dumbass.

  10. Whatcha mean 'secret'? by Kenja · · Score: 1

    Did no one read the permissions list the app asks for? Its really long... there is no reason for most of it, so why are people now shocked that it was nefarious? It even lists "modify or delete your storage contents" for Jobs sake.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Whatcha mean 'secret'? by Anonymous Coward · · Score: 2

      You are confusing iOS and Android. On iOS you don't accept permissions when installing an app, you accept them as app requests them during runtime.
      Unfortunately these "entitlement" permissions cannot be controlled by user.

  11. "Smart" just means "treacherous" by jabberw0k · · Score: 1, Interesting

    There's a reason why some of us only use free software on free operating systems, and this kind of abuse is a perfect example of what happens when you trust proprietary software on a closed operating system. If you use a so-called "smart" device, you are a patsy, a mark, a willing victim. Stop hurting yourself.

    1. Re:"Smart" just means "treacherous" by Anonymous Coward · · Score: 0

      What other choices are there when it comes to phones?

    2. Re:"Smart" just means "treacherous" by Nostalgia4Infinity · · Score: 1

      A smart phone is a tool. Use it correctly and it's fine, not to mention incredibly helpful.

    3. Re:"Smart" just means "treacherous" by Anonymous Coward · · Score: 0

      why some of us only use free software on free operating systems

      That's a very self-centered and selfish viewpoint. Nobody became rich by working for free or on free software. Even though Linux is used everywhere to make trillions for the companies using it, Linus is not a multi-billionaire like Zuckerberg considering that writing an OS is 1000 times harder than any social media website.

      Python makes (or saves) companies billions every year, yet its creator Guido doesn't make much financially from that success.

      Your demand for free software is only viable when everybody in this world works for free.

    4. Re: "Smart" just means "treacherous" by reanjr · · Score: 1

      As software developers, we don't build OSes and programming languages to sell. We build them to use, to provide services we (or others) sell. We are like scientists performing experiments and sharing the results with our colleagues to advance the craft. And like scientists, if you're not sharing your work, you're really not part of the community; you fundamamentally fail to understand what it is to be a part of a knowledge work community and industry.

    5. Re:"Smart" just means "treacherous" by Arkham · · Score: 1

      There's a reason why some of us only use free software on free operating systems, and this kind of abuse is a perfect example of what happens when you trust proprietary software on a closed operating system. If you use a so-called "smart" device, you are a patsy, a mark, a willing victim. Stop hurting yourself.

      No offense intended here, but there is no free software phone on the market. None of the carriers would even consider approving it.

      --
      - Vincit qui patitur.
    6. Re:"Smart" just means "treacherous" by JohnFen · · Score: 1

      Feature phones, or landlines.

    7. Re:"Smart" just means "treacherous" by JohnFen · · Score: 1

      Nobody became rich by working for free or on free software.

      Lots of people don't have "get rich" as their goal.

  12. taxis > uber by Anonymous Coward · · Score: 0

    I'm glad to continue to support taxi drivers.

  13. Shenanigans by Anonymous Coward · · Score: 0

    I call BS on this one.

    My screen-sharing provider says they can’t “cast” screens from iOS because Apple won’t provide such APIs. Of screen-sharing apps can’t share screens, how can Uber do it? Also, Uber has no reason whatsoever to request and/or use such a permission.

    1. Re: Shenanigans by JohnFen · · Score: 1

      TFA covers this: apple gave the Uber app special privileges not available to other apps.

  14. Where is uber storing my screenshots?! by Anonymous Coward · · Score: 0

    Have they deleted my screenshots yet?

    Who has looked at them in the meantime and harvested them in bulk to stick my personal private information in the Uber database?

    Long before now, Uber promising they never kept or processed my screenshots is meaningless crap from a bunch of lying unethical assclowns.

    Someone please assure me Lyft aren't nearly as scummy as the cock suckers at Uber.

  15. Uber = Evil by JustAnotherOldGuy · · Score: 1

    The more I learn about Uber, the more obvious it becomes that they're a shit-filled cesspool without a shred of ethics or morality.

    I was already pretty down on them, but this firmly cements my resolve to never EVER use them and to bad mouth them at every possible opportunity. Shitbags with a logo, that's all they are.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Uber = Evil by Anonymous Coward · · Score: 0

      The more I learn about Uber, the more obvious it becomes that they're a shit-filled cesspool without a shred of ethics or morality.

      I was already pretty down on them, but this firmly cements my resolve to never EVER use them and to bad mouth them at every possible opportunity. Shitbags with a logo, that's all they are.

      Amen ... the bigger the corporation, the less ethical they seem to be

  16. Nothing special on Android by iamacat · · Score: 1

    Screen recording is fully supported and available to any app. Note however that the system will ask you nicely if you want to allow a particular app to start capturing screen and this prompt can not be suppressed by the app. The user has a checkbox to allow the same app to do it silently in future. I don't know if Apple allows such access without user warning.

  17. Maps on your wrist by izzo+nizzo · · Score: 1

    By using this technique, the app was able to display a map on the watch screen. This allows you to keep your phone in your pocket when youâ(TM)re out in dark, possibly unfamiliar streets at night. There are security implications of that too.

    This is an interesting story and itâ(TM)s plausible that Uber would abuse this privilege if they could get away with that. But, if they couldnâ(TM)t, it may just be a story about how capable iOS and the App Stire review team are.

  18. How are "secret permissions" a thing? by Anonymous Coward · · Score: 0

    Apple actually allows developers to lie about what the app has permission to do? You think your personal files and data are safe in your expensive iPhone? Think again.

  19. web interface by Kreplock · · Score: 1

    This is why I don't download apps where an existing web interface that will do the job. I object to using Uber tho, so I don't even know whether you can use the service thru a web app. But so many other companies have perfectly serviceable web sites that you can use instead of an app, why let them even further thru the door and into your phone.