Uber Had the Opportunity to Monitor Everything on Your iPhone’s Screen

Daniel Jalkut:

Yesterday, Gizmodo reported that Uber had been granted an entitlement for their iOS app that allowed them to capture an image of an iPhone’s screen at any time, even when the Uber app was not the active app on the phone. This is a big deal, because users don’t typically expect than an iPhone app that is not active might have the ability to eavesdrop on anything they are doing.

I have long felt that the sandboxing infrastructure on both iOS and Mac should be used to more accurately convey to users specifically what the apps they install are capable of doing. Currently the sandboxing system is used primarily to identify to Apple what a specific app’s privileges are. The requested entitlements are used to inform Apple’s decision to approve or reject an app, but the specific list of entitlements is not easily available to users, whose security is actually on the line.

This is absolutely fucking ridiculous. Fuck Uber. Apple should be ashamed for working with them at any level. Allowing an app to covertly record your screen without any prompting is exactly the kind of thing that Apple’s iOS app review process should prevent.

Uber claims they didn’t do anything wrong with this ability, the security researchers told Gizmodo that they didn’t detect anything going on with this code.

There are companies that are less trustworthy than Uber, but few have the opportunity to be as evil on such a large scale. Enabling them to do anything more than operate at a basic level on your platform is a mistake. At this point Apple should block them entirely and attempt to help the Taxi industry to reform and compete with Uber. Not that Apple would ever would, but still that would be the best thing to come out of this. The next best thing would be the improvements to the entitlement system that Jalkut suggests.

I wouldn’t even bother to wonder what Uber are doing on Android, where security is a fucking joke and carriers are still selling devices running ancient versions of that operating system that are affected by dozens of security vulnerabilities. This is especially true for pay-as-you-go phones sold cheaply at places like Walmart, Target, and so on. Those carriers and stores are endangering their customers by continuing to sell these devices.

It’s Time For iOS To Allow Apps From Outside the App Store

Recently, Apple started removing VPN apps from their iOS App Store in China in order to comply with local laws. That may be something they have to do as a business, but it’s time to allow apps from developers outside of the App Store. Gruber:

To me, the more interesting question isn’t whether Apple should be selling its products in China, but rather whether Apple should continue to make the App Store the only way to install apps on iOS devices. A full-on “install whatever you want” policy isn’t going to happen, but something like Gatekeeper on MacOS could.

Keep iOS App Store-only by default. Add a preference in Settings to allow apps to be downloaded from “identified developers” (those with an Apple developer certificate) in addition to the App Store. In that scenario, the App Store is no longer a single choke point for all native apps on the device.

The App Store was envisioned as a means for Apple to maintain strict control over the software running on iOS devices. But in a totalitarian state like China (or perhaps Russia, next), it becomes a source of control for the totalitarian regime.

Gruber doesn’t think this will happen, but it should. These pocket computers are supremely important to communications and it’s well past time for Apple to open things up.

App Camp For Girls 3.0

Jean MacDonald:

App Camp For Girls is on a mission: we encourage girls to pursue app development as a career by teaching them how to make iPhone apps in a fun, creative summer camp program under the mentorship of women developers. We are shifting the gender balance in our industry. App Camp 3.0 is the next stage in bringing the program to more girls in more locations!

You should support App Camp for Girls in their latest crowdfunding campaign.

Thanks to John Gruber for the heads-up.

Apple’s App Store Delisting Civil War Games

Tasos Lazarides:

If you’ve been watching the news recently, you’ll know of the huge debate in the U.S over the role of the Confederate flag in contemporary America. Many see it as a reminder of the many pre-Civil War injustices while others see it simply as a way to honor the soldiers who died for the Confederacy. Many large US companies, like Walmart and Amazon, have already banned the sale of any Confederate flag merchandise as a reaction to the recent events. Now, it appears that Apple has decided to join them by pulling many Civil War wargames from the App Store

All of the Wolfenstein games and their sequels had to be altered in order to be released in Germany due to laws in that country. It takes some of the fun out of virtually kicking Nazi ass in those games, but to be fair it does give game developers a chance to be more creative in the depiction of them.

It’s not difficult to see how an overreaction like this takes place after recent events and that overreaction could be corrected by removing any games that are truly hateful and offensive but Tasos’ article pulls an official quote from Apple that these American Civil War games won’t be allowed back in the App Store without removing or replacing the flags entirely. It just doesn’t make sense to pull games that contain those flags unless the games are white supremacist bullshit, which these American Civil War games aren’t.

Stores choosing to not sell literal confederate flags is reasonable. They can choose to sell or not sell anything they want. I’ll still be disappointed the next time I want to kick some confederate ass on my iPad during a long plane ride and these games either aren’t there or have been altered.

Are you ‘app-noxious’?

“My husband and I bought Google (T-Mobile) G1 phones in December and there are tons of free apps you can download,” says Jessica Singleton, a 29-year-old freelance writer from Seattle. “He downloaded this one app, “DeskBell,” which makes noises, including a gong, a cowbell and a ‘ding’ like a service bell.”

Unfortunately, her husband began using the app whenever she said something he didn’t like.

“There have been a few times when I’ll say ‘Can you take out the trash?’ and I get gonged,” says Singleton, who recently got revenge by downloading “That’s Not Funny,” another noise-making app.

“He got home and I asked him how his day was. When he mentioned he’d lost a bet with a friend, I played the ‘Wa-wa-wa-waaaah’ noise, the one you hear on old sitcoms sometimes.”

via Are you ‘app-noxious’? – Tech and gadgets- msnbc.com.