Apple granted Uber special capabilities, including access to certain users’ iPhone screens, according to multiple reports published Thursday.
Uber’s iPhone app essentially had an exclusive backdoor.
Despite Uber’s history of purposefully circumventing traditional security protocol and eschewing business norms, there is no clear indication that the ride-sharing company utilized the functions for nefarious reasons. (RELATED: Uber Accused Of Operating Three Invasive Spy Programs)
Through an “entitlement,” a portion of code that app developers employ to install certain features, Uber used its iOS app “to run memory-intensive rendering of Uber maps on the iPhone & then send the image to the [Apple] Watch app,” an Uber spokeswoman told The Daily Caller News Foundation. “This API was only used for a short period of time for an old version of our Apple Watch app. It was never used for any other purpose and has been nonfunctional in our code for quite some time. The memory limitation of Apple Watch was fixed by subsequent updates in the OS and we’re working with Apple to remove the API completely.”
This entitlement could conceivably have been infiltrated by hackers, who would then be able to overtake an iPhone user’s screen.
Apple, though, claims that entitlements are meant to prevent such things from happening.
“By carefully enabling only the resource access that you need, you minimize the potential for damage if malicious code successfully exploits your app,” Apple’s official explanation of entitlements reads.
Uber and Apple did not publicly disclose such alleged information; rather, some researchers state they recognized the screen recording tool, reports Business Insider.
They also assert that the ride-sharing giant could not have accessed the specific entitlement without Apple’s explicit approval.
“Granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell, no other app developers have been able to convince Apple to grant them entitlements they’ve needed to let their apps utilize certain privileged system functionality,” said Will Strafach, a security researcher who discovered the situation, according to Business Insider.
so I checked our dataset to find out if any other app was granted a sensitive entitlement by Apple. Uber is the obly non-Apple app. https://t.co/Xc4FeAz5g8
— Will Strafach (@chronic) October 5, 2017
If Apple gave Uber access, which is highly likely according to Strafach, then it would signal a potentially unlikely collaboration.
Apple CEO Tim Cook threatened to remove Uber from its App Store when he found out the company tracked customers’ whereabouts, even after they deleted the app.
“So, I’ve heard you’ve been breaking some of our rules,” Cook calmly told Uber CEO Travis Kalanick during a 2015 meeting, according to Mike Isaac of The New York Times. Kalanick was reportedly unnerved, perhaps worried that his carefully crafted business could be completely upended if Cook cut off his access to millions of current and potential users.
Send tips to eric@dailycallernewsfoundation.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.