[nodamage]

> If these abuses happen under the aegis of the current App Store, doesn't that nullify the argument that App Store review is sufficient protection?

Not at all. App Store review is not perfect and no one expects it to be. That doesn't mean it has no value or that we should get rid of it entirely. Otherwise you could make the same argument about any system involving unscrupulous actors: "people still kill despite there being laws against murder, doesn't that mean the law is pointless?"

> This also ignores that it's conceivable that Apple can harden iOS's existing permissions system.

Curious how you think this would actually solve the issue I linked above.

[Apocryphon]

> App Store review is not perfect and no one expects it to be.

But Apple is clearly presenting it as such.

> That doesn't mean it has no value or that we should get rid of it entirely.

That is correct, but right now it is the only game in town. There's no secondary stores that present it with competition. Already we read about top-10 grossing apps that are actually scammy. Perhaps Apple will strengthen its App Store when presented with alternatives.

> Curious how you think this would actually solve the issue I linked above.

It really depends on what mechanism that Uber is using to bypass the notifications systems. But off the bat, iOS could force even more granular alerts to the user when sensitive permissions are required.

Curious too, how you think that App Store review currently solves this issue. Uber is already too significant to the platform for Apple to do much more than give them a slap on the wrist, as seen historically.

https://www.cnet.com/news/privacy/apple-tim-cook-threatened-...

[nodamage]

> But off the bat, iOS could force even more granular alerts to the user when sensitive permissions are required.

How does having more granular alerts actually solve this issue?

> Curious too, how you think that App Store review currently solves this issue.

Well, obviously it doesn't, currently. App Store review needs to update their rules to address this type of abuse. Uber is big but they've taken hard line stances against bigger apps before (e.g. Facebook).

> https://www.cnet.com/news/privacy/apple-tim-cook-threatened-...

Sounds like a success story, imagine the alternative scenario where there was no review process and Uber could get away with this unimpeded.

[Apocryphon]

I don't think it's a rules update thing. It's more like review didn't uncover this behavior. (In the past Uber had gone all the way to use geofencing to evade reviewers and regulators.) Maybe this could've been only uncovered through long-term testing by reviewers who actively use the app day to day. Maybe they need such a process that does that.

> Sounds like a success story, imagine the alternative scenario where there was no review process and Uber could get away with this entirely.

It'd say 60-40. The 40% downside is that Apple deigned to go through with actually pulling Uber from the store, even just for a few days. Do you think they'd do anything even remotely similar over the notifications permission leak you cited?

> How does having more granular alerts actually solve this issue?

More restrictive and more transparent handling of permissions. Maybe this mechanism was caused by Uber bundling some sort of library that led to permissions leak. Perhaps the OS could expose that permission being triggered.

[nodamage]

> More restrictive and more transparent handling of permissions. Maybe this mechanism was caused by Uber bundling some sort of library that led to permissions leak. Perhaps the OS could expose that permission being triggered.

I don't think you've thought this all the way through. Once a user grants me permission to send them push notifications because they want to know when their ride shows up, you can't really stop me from pushing them ads through the same channel.

[Apocryphon]

Then it sounds like we have found ourselves a problem that is unsolvable both by OS-level protections and App Store review restrictions, and perhaps we should look beyond to other ways to rein in Uber.

> Once a user grants me permission to send them push notifications because they want to know when their ride shows up, you can't really stop me from pushing them ads through the same channel.

Wait, can't an improvement upon the OS be to make it more granular so that Uber is forced to establish separate permissions channels for rides (vital) vs. ads (not-so-vital), and that every time a notification of a certain type appears, the user is given the option to mute that channel entirely?

[nodamage]

Sure, you can offer me different notification channels for rides vs ads. But remember, I am an unscrupulous developer. How are you going to stop me from sending you ads through the rides channel?

My underlying point, of course, is just because the operating system provides certain APIs, does not mean they are going to be used in good faith.