
Apple gave Uber's app 'unprecedented' access to a secret backdoor - krisgenre
http://www.businessinsider.in/Apple-gave-Ubers-app-unprecedented-access-to-a-secret-backdoor-that-can-record-iPhone-screens/articleshow/60963865.cms
======
wlesieutre
To summarize, Uber's app had a private entitlement ( _com.apple.private.allow-
explicit-graphics-priority_ ) that Uber says was used to draw the map on a
phone and send to their Watch app. Updates to the Uber app and the Apple Watch
now allow them to do it directly on the watch. The entitlement is no longer
needed and Uber says it's being removed.

The entitlement _could_ have been used to record users' screens without their
knowledge. On the one hand, there's no evidence of this having ever happened.
On the other, Uber has been known to engage in activity explicitly against App
Store rules to collect data on iPhone users, so it's hard to take their word
for it.

[https://arstechnica.com/gadgets/2017/04/tim-cook-once-
slappe...](https://arstechnica.com/gadgets/2017/04/tim-cook-once-slapped-uber-
on-the-wrist-for-breaking-the-app-store-rules/)

EDIT - note that Uber's response says their device fingerprinting was withing
Apple's guidelines. But Apple has gone out of their way to make it so that
apps can't fingerprint devices between installs, so color me skeptical.
They've gotten to bend a lot of rules that I don't think I'd get away with.

~~~
jlgaddis
WRT device fingerprinting: I am not an app developer but I recall reading a
recent comment here on HN that Apple now provides a built-in way to do
fingerprinting but that, IIRC, it is to be able to track multiple
installations of the same application on a single device.

I certainly agree that we shouldn't simply blindly trust Uber if they say they
haven't misused this privilege (due to their previous behavior). I certainly
would not be surprised to learn, at some future date, that they were, in fact,
abusing this entitlement.

------
RasputinsBro
Over the past month or so we've be hearing this meme on HN that due to its
business model not depending on advertising, Apple is the one company that can
be trusted to have the incentives to protect their users privacy.

Oops.

