Uber's app can secretly spy on your iPhone


The screen recording capability comes from what's called an "entitlement" - a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems such as iCloud or Apple Pay.

But there are certain entitlements used only by Apple, giving the company's software tight integration with the iPhone.

It appears that back in 2015 Apple viewed Uber as a "trusted developer" that deserved the special permissions. "Even if Uber doesn't have any ulterior motive and the special 'entitlement' is only for rendering the maps, malicious hackers, if they gain access to the internal controls in Uber, could spy on users en masse", said Ankush Johar, Director at HumanFirewall.io, a cybersecurity company. Another person said that out of the top 200 free apps, no other used private Apple entitlements.

Uber stated the entitlement was only used in the 8.2 version of the Uber app and remains dormant in the newer versions since the newer versions of the Apple Watch can process the maps on their own. "Stop the trickery or Uber's app would be kicked out of Apple's App Store", Cook reportedly warned Kalanick during the meeting.

The Uber app had a feature that could read from the iPhone screen without notice to the user. The firm added that it is working with Apple to remove the API completely. Its status as an entitlement means the permission is normally withheld from developers and only granted in special cases.

Uber and Apple did not publicly disclose this; rather, some researchers say they identified the screen recording tool, reports Business Insider.


A majority of iPhone apps use software known as "entitlements" to enable features like the camera or Apple Pay. That's why Apple doesn't allow just any company to use private entitlements.

The big mystery here is why Apple would give Uber such unprecedented access.

This isn't the first time Uber has been exposed for privacy issues, with The New York Times reporting the company had violated Apple's rules after it was discovered it had been tracking iPhones after the app was deleted.

"This API was only used for a short period of time on an old version of our Apple Watch app". This was possible even if the app was kept in the background, a serious security issue.

The deception apparently didn't scare Apple.

Kalanick is no longer the CEO of Uber. Uber's current CEO, Dara Khosrowshahi, has not yet publicly said anything about the $69 billion startup's relationship with Apple, but he has addressed the company's culture of rule bending.
