Accessing Employee Settings On Uber

How I accessed employee settings on Uber’s latest iOS app

While debugging an upcoming app of mine, I accidentally got a closer glimpse into Uber’s iOS app internals. I was surprised by what I found and how easy it was to accomplish my findings.

Method of Discovery

I began by firing up Charles, a tool that allows you to monitor and analyze traffic between a client and the internet. Because my lifeblood is building client-server applications, I am a religious user of Charles to aid me in my daily development tasks. I usually route all traffic between the internet and my iOS device through my machine by setting it up as a proxy. While inspecting and debugging the network traffic of my app, I needed a ride so I fired up the latest version of the Uber app and suddenly began receiving requests/responses their app was making/receiving, so I decided to take a closer look.

Uber utilizes SSL in their requests, so if inspected in their raw format, the request would look like a bunch of gibberish, but with Charles, you are able to self sign requests, effectively allowing you to view the requests in plain text. With the requests flowing in, I noticed a request made every 5 seconds:

Network traffic inspection via Charles

One particular request of interest is used by Uber to receive and communicate rider location, driver availability, application configurations settings and more to devices. Upon inspecting the response, I discovered the key isAdmin, which was set to false for my particular account. Charles allows you to define rewrite rules, so I rewrote the response, changing the value for isAdmin to true, curious to see the effects it would have on the app. I perused through the app with the new value applied… lo and behold, I stumbled upon the Employee Settings screen from the About screen:

To view the full screenshots, visit http://www.nathanmock.com/archives/how-i-accessed-employee-settings-on-ubers-app

As you’ve probably noticed, Uber’s app is extremely dynamic. Their client’s architecture allows them to customize the app’s UI to certain geographical areas, riders, and even individual devices, allowing them to do things such as deliver kittens, deliver food, offer rides on helicopters, and change prices…all without re-submitting the binary for approval to the app store. This is common practice for many client-server applications, a neat way to target certain features/functionality to a limited subset of users without the burden/time constraints of submitting an app for review.

Nathan Mock is an iOS Engineer with a passion for building delightful apps. Visit his website to view more posts. Get in contact at nathan@nathanmock.com or follow him on Twitter, @nmock.