In Other API Economy News: Uber App Raises Security Questions and More

The week is in full gear and we bring you a review of the stories we couldn’t cover with a look at what what going on in the world of APIs. We start with AssemblyAITrack this API which has released an API for customized speech recognition. As we’ve mentioned numerous times, speech has become an important interface with any number of products including the Amazon Echo, Google Home, Siri and Cortana being put into the marketplace to meet growing consumer demand. The API can be used to build voice powered smart devices, transcribe phone calls or videos, or transcribe audio in real time. The provider claims that no training is required for the API and that it can recognize an unlimited number of custom words, thus saving users money. It will be interesting to see if this technology is enough of a differentiator to draw customers without having larger competitors take their ideas and integrate it into their platforms.

Another week, another financial services API. This past week saw Oracle release it’s Banking Payments API service. An Oracle press release states that “customers demand constant availability for real-time, frictionless payments. Grappling with increasing levels of operational complexities, banks have increasingly adopted siloed structures and multiple messaging standards leading to a disharmonized payment landscape.” To address these demands, the service leverages ISO 20022, a universal scheme used in the financial industry for developing messaging standards. This is done to provide data standardization in an attempt to support greater automation of payment processing. Interested developers can learn more at the Banking Payments page.

We finish with another warning about API security. Security vendor Appthority recently analyzed the Uber app for both Android and  iOS devices and came away with the conclusion that the ride-sharing app is potentially putting sensitive personal and corporate data at risk. According to the research the following items put app users at risk:

  • Uber’s privacy policies are incomplete, and therefore mislead enterprises who rely on privacy policies to evaluate app risk
  • Uber has added many services which collect data and run in the background, even when the app is not in use
  • Third-party apps are not adhering to Uber’s Terms of Use, including not using encryption and therefore exposing private information

Uber has since responded to these claims stating that the comments were based on tests of an older version of its app, that the services collecting data are to support location-based functionality and can be turned off, and that the terms of service restrict the information that can be shared with API partners and only if the user grants explicit permission through their OAuth implementation. Uber didn’t comment directly on if third-party apps were in violation of their terms of use, but regardless it serves as a reminder that even if you build in security, there is no guarantee that app developers using your API will use the same care.

Wendell Santos is the editor at ProgrammableWeb.com. You can reach him at wendell@programmableweb.com. Connect to Wendell on Twitter at @wendell78 or Google+.
 

Comments