Security researcher Will Strafach found Uber’s app enjoying an unusual Apple iOS security permission not used by any other app. Called com.apple.private.allow-explicit-graphics-priority, this permission allowed Uber’s app to see what was on the user’s screen even if the Uber app was not active.
An Uber spokesperson explained the purpose of this security permission: “It was used for an old version of the Apple Watch app, specifically to run the heavy lifting of rendering maps on your phone & then send the rendering to the Watch app.” The spokesperson continued: “Apple gave us this permission years because Apple Watch couldn’t handle our maps rendering.”
Uber indicated that it used the entitlement only in version 8.2 of its app, and that a subsequent update from Apple fixed the memory issue for Apple Watch and made this workaround unnecessary.
In an April 2017 letter, the London Metropolitan Police questioned why Uber had not notified the police about criminal offenses known to Uber. The Police reported Uber refusing to provide information within its custody unless the police submit a formal request, and also refusing to report crime to the police because such reports may breach rights of a passenger. The Police questioned Uber’s approach, saying that Uber is “allowing situations to develop” that affect public safety, and noting also that the extra steps Uber calls for can impede prompt prosecution and ultimately lead perpetrators to go free.
The letter’s conclusion:
The significant concern I am raising is that Uber have been made aware of criminal activity and yet haven’t informed the police. Uber are however proactive in reporting lower level document frauds to both the MPS and LTPH. My concern is twofold, firstly it seems they are deciding what to report (less serious matters / less damaging to reputation over serious offences) and secondly by not reporting to police promptly they are allowing situations to develop that clearly affect the safety and security of the public.
In Chicago, a man was charged in five area cases. He picked up four of his five victims by claiming to be an Uber driver.
Numerous passengers reported being charged cleaning fees, $50 to $150 or more, despite not making messes. Drivers can report that passengers caused messes (spilled drinks, urine, vomit, etc.) and receive compensation. But Uber has limited methods to assess whether drivers’ reports are accurate. Some passengers claimed that drivers sent false pictures or pictures taken on other occasions.
The Better Business Bureau said it has received more than 130 complaints about cleaning fees.
Details from CBS Philadelphia
Who’s Driving You? reports 287 incidents of alleged sexual assaults by Uber and Lyft drivers.
Who’s Driving You? reports 69 incidents of alleged assaults by Uber and Lyft drivers.