Uber’s iOS Application Permitted It To Copy iPhone Screen
Worryingly, security researchers have revealed that Uber's iOS app could record everything on an iPhone's screen, even while the app was running in the background. The software was given a special permission, one not available to the majority of app developers, that enables it to monitor everything iPhone users look at on their devices, including private pictures and passwords.
Uber states the feature is not functional and will be removed, but the fact that it supposedly could have permitted the firm to spy on customers' sensitive private information is extremely disturbing. Will Strafach, a security researcher, spotted the feature, describing it as “very bizarre” and saying it was “absolutely exceptional” that Apple approved such an authorization for the taxi-hailing app firm. He said, “Taking into consideration the past privacy issues of Uber, I’m very inquisitive how they swayed Apple to consent to this.”
The screen-copying ability comes from what is known as an “entitlement”, a code used by app developers for anything from connecting with Apple systems such as Apple Pay or iCloud to setting up push notifications. This entitlement is not normally granted, and Uber would have needed direct permission from Apple to use it. The researchers also said that no other app on the App Store was found with such an entitlement.
Researcher Luca Todesco explained, “Basically, it offers you complete command over the framebuffer that encloses the colors of every pixel of one’s screen. Thus, they can potentially record or draw the screen and then pilfer passwords and so on.” However, according to Uber spokesperson Melanie Ensign, the permission was granted so that Uber's app could work better with the Apple Watch.
The Uber spokesperson said, “This API was used only for a short time on our Apple Watch app’s old version. It allowed the application to operate the memory-intensive interpretation of maps on the device [iPhone] and then launch the picture to the Watch app. It was in no way utilized for any other reason and has been inactive in our code for quite some time. The Apple Watch’s memory limitation was fixed by successive OS updates and we have issued an upgrade to our application to pull off the API entirely.”
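An added example, not part of the original article and not Uber's or Apple's code: one way a reviewer could audit the entitlements carried in an app's code signature and flag keys outside the ordinary developer set. It assumes the entitlements have already been dumped to a plist and that Apple-private keys use the `com.apple.private.` prefix; the sample plist and its placeholder key names are constructed.

```python
import plistlib

# Heuristic (assumption): entitlements Apple keeps for itself or grants only
# by special arrangement conventionally use this key prefix.
PRIVATE_PREFIX = "com.apple.private."


def audit_entitlements(plist_bytes):
    """Split an app's entitlements into private, ordinary and not-granted keys.

    Accepts XML or binary plist data. A key whose value is False is declared
    but not granted, so it is reported separately.
    """
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception as exc:
        raise ValueError(f"not a parseable plist: {exc}") from exc
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must have a dictionary at top level")

    report = {"private": [], "ordinary": [], "not_granted": []}
    for key, value in sorted(ents.items()):
        if value is False:
            report["not_granted"].append(key)
        elif key.startswith(PRIVATE_PREFIX):
            report["private"].append(key)
        else:
            report["ordinary"].append(key)
    return report


# Constructed sample, not taken from any real app. The first three keys are
# ordinary entitlements for push notifications, Apple Pay and iCloud; the
# com.apple.private.* names are placeholders.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>aps-environment</key><string>production</string>
  <key>com.apple.developer.in-app-payments</key>
  <array><string>merchant.com.example.rides</string></array>
  <key>com.apple.developer.icloud-services</key>
  <array><string>CloudKit</string></array>
  <key>com.apple.private.example-placeholder</key><true/>
  <key>com.apple.private.example-disabled</key><false/>
</dict>
</plist>"""

if __name__ == "__main__":
    for key in audit_entitlements(SAMPLE)["private"]:
        print("REVIEW private entitlement:", key)
```

Any key reported under `private` in a third-party app is worth a closer look, since the article notes such entitlements are not normally granted.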
Uber's future in London is in doubt, with TfL saying the ride-hailing firm is not a “proper and fit” private car hire company. One of the grounds for the looming ban is the company's use of Greyball, secret software developed to recognize individual users and help Uber evade law enforcement.