To better prepare its Apple Watch app, Uber used technology enabling it to view and record what was happening on an iPhone’s screen, even when the Uber app was only running in the background. The permission to do this was granted by Apple, and although Uber claims not to use the system anymore, it remains part of the app. The news comes from Sudo Security Group, which unearthed the capability called an Entitlement in the Uber app.
While this sounds like a security and privacy nightmare, the entitlement doesn’t work like a screen-recording app, according to an app researcher speaking to Gizmodo, and will be removed from the app soon. What it does is visualize colors and pixels on the screen, not precise details. However, the concern is this data could be decoded and interpreted to reveal sensitive personal information, user habits, or, should Uber’s app be hacked by criminals, passwords and other login information.
What makes this unusual is that Uber is the only third-party app developer using it. Other entitlements are commonly used by app developers, as they provide access to key phone features, such as the camera and Apple Pay. They operate in a similar way to permissions on Android. The entitlement used by Uber here is considered reserved for Apple’s use only, due to its privacy and security concerns. Using entitlements without Apple’s approval would normally result in the developer being banned from the App Store.
While this sounds like a security and privacy nightmare, the entitlement doesn’t work like a screen-recording app, according to an app researcher speaking to Gizmodo, and will be removed from the app soon. What it does is visualize colors and pixels on the screen, not precise details. However, the concern is this data could be decoded and interpreted to reveal sensitive personal information, user habits, or, should Uber’s app be hacked by criminals, passwords and other login information.
What makes this unusual is that Uber is the only third-party app developer using it. Other entitlements are commonly used by app developers, as they provide access to key phone features, such as the camera and Apple Pay. They operate in a similar way to permissions on Android. The entitlement used by Uber here is considered reserved for Apple’s use only, due to its privacy and security concerns. Using entitlements without Apple’s approval would normally result in the developer being banned from the App Store.
Category
🦄
Creativity