Apple reportedly allowed Uber to use a feature in the app, which would be capable of recording everything that a user sees on their screen, security researchers told Gizmodo on Thursday. Neither Apple nor Uber has mentioned this function on any consumer platform. According to researchers, Will Strafach and Luca Todesco, this capability was put to make the Uber app work smoothly on Apple Watch.
What raises the alarm is the fact that this capability allowed Uber to watch everything ranging from passwords to any other personal document that appeared on the screen. This could give an upper hand to the hackers, who can seep into the devices of the customer, if they succeed in hacking the Uber app.
Almost every iPhone app has the “entitlement” feature, which allows software to enable features such as Apple Pay or camera on the iPhones and iPads. However, some entitlements are meant exclusively for Apple under the name, “com.apple.private.” In case Apple comes across any app developer using this entitlement, the iPhone maker simply rejects the app from the App Store, notes BI. However, the researchers found that Uber is using one such entitlement dubbed as “com.apple.private.allow-explicit-graphics-priority.”
“It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature,” Strafach said. “Considering Uber’s past privacy issues, I am very curious how they convinced Apple to allow this.” However, the researchers said there is no evidence of Uber using the special privilege wrongly.
“Apple gave us this permission because early versions of Apple Watch were unable to adequately handle the level of map rendering in the Uber app,” Uber told BI. “This dependency was removed with previous improvements to Apple’s OS & our app. Therefore, we’re removing this API from our iOS codebase.”
Given the history of Uber, it would not be wrong to say that the company may have used it to track the frequency at which the customer opens other ride-hailing apps. However, Uber said the entitlement was not used for any such thing like tracking the drivers or putting surveillance on the users. Such a possibility can’t be ruled out entirely because in the past Uber has used the programs to track drivers of rival Lyft. Further, it also went a step ahead to track efforts by undercover authorities, who were assigned to catch the illegal taxi service in the area.
According to The New York Times, Apple CEO Tim Cook warned Uber earlier this year that if the company continues to violate the rules by tracking the iPhone, it could be blocked from the App Store. Separately, a recent update to the iOS software allows users to control the access over their locations. With the latest iOS update, users can select the app that can track the location every time it is used, and not beyond that.
As of now, there has been no comment from Apple. One reason why Apple may have allowed Uber access to this sensitive code could be because Uber was the launch app when Apple Watch was demonstrated in 2015.