Apple has allowed Uber to covertly monitor iPhone

According to Gizmodo, the "feature" was discovered by Sudo Security Group, which said that such a permission, known as an "entitlement" - a word that describes Uber very well generally - must have been explicitly granted by Apple at OEM level.

Will Strafach, a security researcher, has reported that Apple gave Uber an undocumented private app permission allowing it access to the screen-recording feature.

"The 'entitlement' isn't common and would require Apple's explicit permission to use", the researchers were quoted as saying.

The functionality is an exclusive permission from Apple and was granted to Uber to help them launch their Apple Watch app. Uber was one of the stars of Apple's keynote on the Apple Watch in March 2015. The objective, however, is not to take screenshots of iPhones, but rather to fix map rendering in older versions of the Apple Watch, which were unable to properly carry out the process.

"It's not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production".

Another concern is that a hacker might be able to break into Uber's network and take advantage of the capability to steal sensitive information from users, including passwords.

"Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen", Todesco told Gizmodo. ZDNet reports that the Uber app can read the screen buffer in iOS, allowing it to view and potentially record anything on your iPhone's screen without your knowledge. He even threatened to remove the app from the Apple App Store altogether.

The existence of Uber's access to special iPhone functions is not disclosed in any consumer-facing information included with Uber's app, despite giving the company direct access to features so powerful that Apple nearly always keeps them off limits to outside companies. Uber was reportedly caught tracking iPhones even after the app was removed from the device.

It's not the first time Uber has made headlines for alleged surveillance infringements.

Kevin Lynch, Apple's VP of technology, demoed Uber's Watch app onstage, showing how a rider could request a car and track its progress on a map, just as the app would work on the iPhone.

For example, Uber's so-called Hell program allegedly allowed the company to monitor the activities of drivers for rival Lyft, so some may think that the hidden feature could also have allowed Uber to keep track of customers' usage of the Lyft app. And just last month, the FBI started investigating Uber for the "Hell" program it used to track Lyft drivers.