Silkenweb Example: Hackernews Clone

Uber’s iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen

163 points by thisjustinm 7 years ago | 21 comments

et-al 7 years ago
While it's easy to point the finger at Uber given its history, we also need to be asking Apple why this isn't something that's apparent to the user.
freedomben 7 years ago
How is this not a more popular story on HN? This seems like huge news to me.
- tosstossy 7 years ago
  You may have just discovered how prolific Apple fanboyism is on HN. If Google did this it'd be a much bigger deal on HN and people would be pointing out how this is why they use Apple products.
  All smartphones are a privacy/security shit show, Apple is no exception.
  - Operyl 7 years ago
    Eh, compared to the “shit show” I just witnessed in the supposed “dark UI” around the new control center toggles, I’m inclined to believe that both sides get their side of crap.
  - tinus_hn 7 years ago
    Conversely Hackernews, like many tech sites, also has a million people who have to whine their exaggerated complaints on every Apple article, like how every software suddenly ‘slurps’ their battery, how nothing is ‘snappy’ anymore and how Jobs is spinning in his grave about the latest UI ‘disaster’ and problem’gate’.
    Today the walls in the hated ‘walled garden’ are not high enough.
    The reality: these exceptions are made in a way that is exposed to external users which is much more transparent than most companies would be. It is stupid that Uber still has access if they don’t need it anymore. If you have to do a demo and it has to work before it is ready you have to make tough decisions.
  - kinkrtyavimoodh 7 years ago
    If FB did this, people would be asking for Zuck's head on the chopping block.
- dbbk 7 years ago
  Well, if you take Uber at its word (which I know is difficult) that it was only being used to render maps on the Watch, it doesn't seem like that big a deal to me.
  - oliwarner 7 years ago
    If it's such a non-issue, just ask for the permission! That's what these granular permissions are for. To allow the OS to lock down features to stop naughty apps being naughty but still allow apps we want to have them to do their business.
    Sneaking around like this only begs the question: what else aren't they telling you?
  - BoiledCabbage 7 years ago
    Uber has add shown itself to be a very trust worthy company. And respectful of users privacy in the past. /s
mgamache 7 years ago
Wondering what the legitimate use for this was?
- jsiepkes 7 years ago
  From the article: “Apple gave us this permission years because Apple Watch couldn’t handle our maps rendering. It’s not connected to anything in our current codebase,” Uber’s spokesperson explained.
- matthewarkin 7 years ago
  The article states they were rendering maps screens on the phone and shipping the screenshot to the watch to handle performance issues with the watch.
  - deathanatos 7 years ago
    I don't buy this explanation. You need to full control over the screen's framebuffer to render an image?
    Even if your architecture is so hosed that you are screencap'ing the actual screen to get an image to ship over a network connection … multiple people thought that tradeoff with security was worth it?
    - eridius 7 years ago
      > You need to full control over the screen's framebuffer to render an image?
      No, but you do need the ability to render in the background, and apps aren't allowed to do any GPU-based rendering in the background (you can't touch an OpenGL context, and while I haven't actually confirmed this I assume you can't touch a Metal one either). This entitlement probably let them skip that restriction to do fast rendering in the background.
nwrk 7 years ago
Curious, how much access like this could cost. Still, FaceID is safe by design.