Apple gave Uber access to a powerful tool that allows the ride-hailing giant to record everything on your iPhone's screen even if the Uber app is only running in the background, security researchers discovered.
The screen recording capability comes from what's called an "entitlement" - a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems such as iCloud or Apple Pay. The permission is known as "com.apple.private.allow-explicit-graphics-priority" and allows developers to access and alter parts iPhone's memory that contains data on pixel and display.
Strafach said that to his knowledge, based on thousands of app binaries he has indexed, Uber is the only third-party app that was given a private entitlement.
Apple didn't comment. But one reason why Apple may have let Uber use this sensitive piece of code - which likely would have needed to have been approved by senior management - is because the Uber app was demonstrated on-stage when it launched the Apple Watch in 2015 and Uber was a launch app for the Apple Watch. Future versions of the Uber app will remove the code, a spokesperson said.
Strafach told Gizmodo that although he looked for indications that the entitlement had been used for malicious purposes, he was unable to find any evidence of such activity. "Uber has this? It allows them to record the screen even when app is closed and potentially steal sensitive info".More news: Saudi Monarch Begins Historic Trip to Russian Federation
More news: Mass shooting suspect may have planned attack during Life is attractive festival
More news: Confident Indians will eliminate the Yankees in four games | Jeff Schudel
CRAPSI CAB company Uber has the power to secretly record iPhone users screens, according to new research.
Uber and Apple did not publicly disclose such alleged information; rather, some researchers state they recognized the screen recording tool, reports Business Insider.
The spokesperson said the entitlement "isn't connected to anything in our current codebase, meaning it's non-functional and there's no existing feature using it". "This dependency was removed with previous improvements to Apple's OS & our app". This could give an upper hand to the hackers, who can seep into the devices of the customer, if they succeed in hacking the Uber app.
In April, it was revealed that Apple's CEO met with Uber's then-CEO to discuss the fact that the car-hailing company had tagged iPhones that had deleted the app - a clear violation of Apple's rules, The New York Times reported at the time. Such a possibility can't be ruled out entirely because in the past Uber has used the programs to track drivers of rival Lyft.
In 2014, an Uber executive in NY was investigated for tracking a BuzzFeed News reporter with a "God View" without her permission.