cool good to know! this is a really nice article btw. thanks for the research!

I am an Android Developer myself and can see from the posts only, that there are no SMS read and send permission asked for in the Manifest File. These are the permissions required for reading and sending SMS from your phone.

1. To Read an SMS
Link : http://developer.android.co...

Written in the Manifest File as :
<uses-permission android:name="android.permission.READ_SMS">

</uses-permission>

2. To Send an SMS

Link : http://developer.android.co...
written in the Manifest File as :

<uses-permission android:name="android.permission.SEND_SMS">
</uses-permission>

I dont see those permissions in that AndroidManifest.xml file, so this blog is just plain lack of knowledge of how the application is used, as unless it has the permission mentioned in the manifest file, it cannot send or read sms from the smartphone.

Good that the author clarified the blog was incorrect, i am just mentioning the technical aspect of the inaccuracy of the blog writer. To add on that, Android does not support adding permissions dynamically, so it cannot add permissions via classes to the application according to my knowledge.

Awesome Information about Ubers App . Thanks for Updates

@digitalhubinc
www.digitalhubinc.com

Cult of mac… that says it all. Its the kind of scaremongering that ios promotersblike to use to scare the
isheep away from even considering Android. Its the kind of misinformation they use to make the idrones feel secure in their walled garden safe in tier smug superiority. Android makes sure you are informed about what your apps are doing and treats youblike an adult and let's you do your own the thinking. Something that ios seems intent on riding its users of

This is actually Google's fault. The experience for requesting permissions at app Install is terrible. They use very generic statements to describe the permissions.

Perhaps enabling developers to add to the permission description what they use the permission for would be a better solution. This way users can see the generic Google description and then what the developer is going to do with such a permission.

Another solution would be to allow permissions to be requested at runtime, this way the users can associate the required permission with the feature that they're about to use.

CyanogenMod's Privacy Guard is sort of like a permissions manager at runtime. Except that it only deals with personal data instead of all permissions.

what about driver side app software

“Access to permissions including Wifi networks and camera are included so that users can experience full functionality of the Uber app. This is not unique to Uber, and downloading the Uber app is of course optional.” A TOTAL LIE!!!!!!!! I NEVER DOWNLOASDED THE APP BUT IT IS ON MY PHONE WITH NO WAY TO REMOVE!!!!!!!!! TOTAL CRAP. GET OFF MY PHONE UBER.

Security researcher GironSec has pulled Uber's Android app apart and discovered that it's sending a huge amount of personal data back to base – including your call logs, what apps you've got installed, whether your phone is vulnerable to certain malware, whether your phone is rooted, and your SMS and MMS logs, which it explicitly doesn't have permission to do. It's the latest in a series of big-time missteps for a company whose core business model is, frankly, illegal in most of its markets as well.

It's not what the app does that bothers me; it's what the company does that really gets on my nerves. Just delete the app already.
http://www.independent.co.u...