Hacker News

Yes, you're correct. They don't. And it's pervasive - it's not just Uber, it's the developers of the software Uber writes. Shake out the tree of any Uber service and you'll find that maybe 0.1% of the code is written by someone who cares about security, and maybe 10% of that code was written by someone who knows about security.

Developers do not give a shit. Security is not something they're trained in, interested in, or competent in (though they often think they are).

Security is a couple of people trying to bucket out the water as fast as they can from every sinking ship while developers are taking a piss on the floor and poking holes in the hull.

I think the bar for devs is extraordinarily low and we'll keep seeing this sort of thing until we collectively raise it. Thankfully it seems like, very recently, this is starting to maybe happen. Packages requiring 2FA is the first thing I've seen that seems to indicate that developers are going to have to do the bare minimum for security in order to participate.



