
Uber’s iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen - thisjustinm
https://gizmodo.com/researchers-uber-s-ios-app-had-secret-permissions-that-1819177235
======
et-al
While it's easy to point the finger at Uber given its history, we also need to
be asking Apple why this isn't something that's apparent to the user.

------
freedomben
How is this not a more popular story on HN? This seems like huge news to me.

~~~
tosstossy
You may have just discovered how prolific Apple fanboyism is on HN. If Google
did this it'd be a much bigger deal on HN and people would be pointing out how
this is why they use Apple products.

All smartphones are a privacy/security shit show, Apple is no exception.

~~~
Operyl
Eh, compared to the “shit show” I just witnessed in the supposed “dark UI”
around the new control center toggles, I’m inclined to believe that both sides
get their side of crap.

------
mgamache
Wondering what the legitimate use for this was?

~~~
matthewarkin
The article states they were rendering maps screens on the phone and shipping
the screenshot to the watch to handle performance issues with the watch.

~~~
deathanatos
I don't buy this explanation. You need full control over the screen's
framebuffer to render an image?

Even _if_ your architecture is so hosed that you are screencap'ing the actual
screen to get an image to ship over a network connection … multiple people
thought that tradeoff with security was _worth_ it?

~~~
eridius
> _You need full control over the screen's framebuffer to render an
> image?_

No, but you do need the ability to render in the background, and apps aren't
allowed to do any GPU-based rendering in the background (you can't touch an
OpenGL context, and while I haven't actually confirmed this I assume you can't
touch a Metal one either). This entitlement probably let them skip that
restriction to do fast rendering in the background.

~~~
willstrafach
I do wonder why they exclusively got it, and others (who must have had
similar rendering issues) did not.

~~~
eridius
Presumably because they were a headlining launch app for the Apple Watch and
were in the keynote.

~~~
jsjohnst
Wasn’t Lyft also showcased at that event?

------
nwrk
Curious, how much access like this could cost. Still, FaceID is safe by
design.

