
Uber app can secretly record your iPhone screen thanks to special ‘entitlement’ - chmars
https://thenextweb.com/apple/2017/10/06/report-uber-can-spy-on-iphone-users-with-ios-11s-screen-recording-feature/
======
merricksb
Earlier discussion:

[https://news.ycombinator.com/item?id=15411533](https://news.ycombinator.com/item?id=15411533)

------
rovek
Interesting that this is being framed as an Uber transgression when Apple
should take the rap for even creating this permission in the first place.

~~~
raverbashing
I'd say the permission is valid (seems to be direct fb access or something
similar), but should be allowed only in very specific cases

~~~
jaclaz
>I'd say the permission is valid (seems to be direct fb access or something
similar), but should be allowed only in very specific cases

Maybe, but then the user should explictly authorize it AND it should be
optional, if this is not the case, then it should not exist.

In any case, it does sound a bit shady that such permission exists at all and
- according to the article - Apple "can decide" who can use it.

It seems like there are "class A" and "class B" developers rated by Apple and
given (or denied) this "permission".

------
omarforgotpwd
According to the update at the end of the article, Uber says they only used
this API to render maps in an early version of their Apple watch app and they
haven't been using it at all for some time. They claim they are working with
Apple to get this entitlement removed.

~~~
HenryBemis
1\. Yes and I believe them (not). They will. Now. That they got busted. Red
handed. Again.

2\. They can't catch a break!! (but they try really hard to be on the news
with news of sexual harassment, actively identifying and avoiding authorities,
trying to cover up rapes, spying on drivers and clients)(that's a good rap
sheet)

~~~
macspoofing
It seems legitimate.

You also seem to irattionally hate Uber.

~~~
jon-wood
It does seem legitimate, but I'm not sure the hatred of Uber is really
irrational - they've got a terrible record for shady behaviour, which is going
to influence people's opinion of them when something like this comes up.

------
benevol
Apple letting a (morally corrupt) third party violate your privacy.

And some people still think the government/NSA does somehow not have complete
access to your data?

------
Asdfbla
Stuff like that is a bit at odds with the pro-privacy marketing that Apple has
been pushing recently. Guess it shows how important certain high-profile apps
are for smartphone ecosystems when Uber even got Apple to give them access to
features like that.

------
origami777
I just uninstalled it. I do too many confidential things on my phone to even
let this be a possibility. That's too bad because I was an avid Uber user. I
hope they can shed some light on this and say it's fixed (and verified).

~~~
redka
I guess you can still use m.uber.com

~~~
origami777
Thanks for sharing that. I wasn’t aware

------
roel_v
On a similar topic, how does the facebook app on android suggest me pictures
taken with the camera on the phone, when neither it nor any of the facebook
infrastructure apps have any permissions on accessing local media?

~~~
superfrank
What version of the app and Android are you running? I'm on Android 8.0 and
just double checked, the second I turn off the storage permission, Facebook
can no longer suggest or access any images on my device.

~~~
roel_v
Oops I'm a dumbass scaremongerer it seems - indeed I did have 'storage' still
checked despite thinking I had everything disabled! Sorry!

------
Tepix
For the first time I tried to install the Uber app last weekend when I needed
a taxi in a country where Uber is present.

I then found out that the Uber iOS app is larger than 150MB (!).

I couldn't come up with a reason why the App would need to be that
ridiculously huge except for spying frameworks so I did not download it. There
were taxis waiting less than 30m away anyway.

I'm glad I have not sold my soul to Uber ;-)

~~~
piva00
Spying frameworks wouldn't be responsible for taking so much space, usually
the largest files in mobile apps are the assets (sounds, videos, images, etc.)
and not code, code is actually quite minimal.

So yup, your assumption is probably very wrong. And I'm not an Uber user
(exactly for privacy and ethical reasons).

~~~
chrisper
Don't iOS apps also have all resources embedded regardless of the device? Like
high res retina icons are in the app even though you are using an iPhone 4 or
whatever. That would also explain the larger app size.

~~~
Sephiroth87
Not since iOS9...

