Apple authorised API allowing Uber to record users’ iPhone screens
Apple often takes a strict approach to security, but an apparent slip-up authorised an API which allowed Uber to record users’ iPhone screens.
Security researcher Will Strafach made the claim, saying the powerful ability would allow Uber to record the screen even when the app is running in the background.
The ability comes from what Apple calls ‘entitlements’, which allow app developers to do things requiring special privileges, such as interacting with iCloud or Apple Pay. The screen recording entitlement was designed to improve memory management on the Apple Watch.
Strafach highlighted that the entitlement is not common and would have required explicit permission from Apple to use. In fact, he was unable to find another app live on the App Store with the capability.
“It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature,” Strafach said to Gizmodo. “Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.”
On several occasions, Uber has been accused of questionable practices. For example, earlier this year it was accused of using a 'Hell' software program for industrial espionage against Lyft. The company also recently had its license to operate in London revoked over concerns about its conduct, including the failure to report drivers accused of sexual assault to police.
Uber claims Apple authorised use of the API when the Apple Watch debuted, so that it could meet deadlines to get its app working on the device.
"Apple gave us this permission years ago because Apple Watch couldn't handle our maps rendering. It's not connected to anything in our current codebase," an Uber spokesperson said.
Following the researcher’s discovery, Uber says that, as the permission is no longer in use, it will be removed from the app.