Big Uber is watching you
The list of permissions that are needed for the application to work can be found in the “AndroidManifest.xml” file inside the APK. At first, we see only garbage:

However, the xml-apk-parser utility comes to our aid.

Now we can see the list of permissions in explicit form:
What the heck? Does the taxi search application want access to my camera, to my phone calls, to wifi neighbors and the like? Wait a bit more fun.
public void run()
{
Looper.prepare();
InAuthManager.getInstance().updateLogConfig(this.val$URL, this.val$acctGUID);
InAuthManager.getInstance().sendAccountsLog(this.val$transID);
InAuthManager.getInstance().sendAppActivityLog(this.val$transID);
InAuthManager.getInstance().sendAppDataUsageLog(this.val$transID);
InAuthManager.getInstance().sendAppInstallLog(this.val$transID);
InAuthManager.getInstance().sendBatteryLog(this.val$transID);
InAuthManager.getInstance().sendDeviceInfoLog(this.val$transID, true);
InAuthManager.getInstance().sendGPSLog(this.val$transID, true);
InAuthManager.getInstance().sendMMSLog(this.val$transID);
InAuthManager.getInstance().sendNetDataLog(this.val$transID);
InAuthManager.getInstance().sendPhoneCallLog(this.val$transID);
InAuthManager.getInstance().sendSMSLog(this.val$transID);
InAuthManager.getInstance().sendTelephonyInfoLog(this.val$transID, true);
InAuthManager.getInstance().sendWifiConnectionLog(this.val$transID);
InAuthManager.getInstance().sendWifiNeighborsLog(this.val$transID);
}
});
Where does all this go? What for? Something I can’t remember giving Uber permission to read my SMS messages.
Anyone interested can see the code here . I especially liked the hasHeartbleedVulnerability () method. Why would they know that?
Move on.

See? Stericson.RootTools
Uber checks if there is a root on your device and sends this information to someone. He also searches for various malware, monitors the activity of some applications and does other interesting things.
I do not make any definite conclusions. Maybe I'm just paranoid. Be careful.
Via geronsec.com