[nodamage]

> But off the bat, iOS could force even more granular alerts to the user when sensitive permissions are required.

How does having more granular alerts actually solve this issue?

> Curious too, how you think that App Store review currently solves this issue.

Well, obviously it doesn't, currently. App Store review needs to update their rules to address this type of abuse. Uber is big but they've taken hard line stances against bigger apps before (e.g. Facebook).

> https://www.cnet.com/news/privacy/apple-tim-cook-threatened-...

Sounds like a success story, imagine the alternative scenario where there was no review process and Uber could get away with this unimpeded.

[Apocryphon]

I don't think it's a rules update thing. It's more like review didn't uncover this behavior. (In the past Uber had gone all the way to use geofencing to evade reviewers and regulators.) Maybe this could've been only uncovered through long-term testing by reviewers who actively use the app day to day. Maybe they need such a process that does that.

> Sounds like a success story, imagine the alternative scenario where there was no review process and Uber could get away with this entirely.

It'd say 60-40. The 40% downside is that Apple deigned to go through with actually pulling Uber from the store, even just for a few days. Do you think they'd do anything even remotely similar over the notifications permission leak you cited?

> How does having more granular alerts actually solve this issue?

More restrictive and more transparent handling of permissions. Maybe this mechanism was caused by Uber bundling some sort of library that led to permissions leak. Perhaps the OS could expose that permission being triggered.

[nodamage]

> More restrictive and more transparent handling of permissions. Maybe this mechanism was caused by Uber bundling some sort of library that led to permissions leak. Perhaps the OS could expose that permission being triggered.

I don't think you've thought this all the way through. Once a user grants me permission to send them push notifications because they want to know when their ride shows up, you can't really stop me from pushing them ads through the same channel.

[Apocryphon]

Then it sounds like we have found ourselves a problem that is unsolvable both by OS-level protections and App Store review restrictions, and perhaps we should look beyond to other ways to rein in Uber.

> Once a user grants me permission to send them push notifications because they want to know when their ride shows up, you can't really stop me from pushing them ads through the same channel.

Wait, can't an improvement upon the OS be to make it more granular so that Uber is forced to establish separate permissions channels for rides (vital) vs. ads (not-so-vital), and that every time a notification of a certain type appears, the user is given the option to mute that channel entirely?

[nodamage]

Sure, you can offer me different notification channels for rides vs ads. But remember, I am an unscrupulous developer. How are you going to stop me from sending you ads through the rides channel?

My underlying point, of course, is just because the operating system provides certain APIs, does not mean they are going to be used in good faith.

[Apocryphon]

What I mean is if a notification presents itself, allow the user to mute it. If that channel was intended for rides, then the unscrupulous developer simply disables their own app.

[nodamage]

That's pretty unfortunate for the end user who is then forced to choose between having all notifications or not at all.