Slashdot Mirror


Uber's iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen, Researchers Say (gizmodo.com)

To improve functionality between Uber's app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user's iPhone screen, even if Uber's app was only running in the background, security researchers told news outlet Gizmodo. From a report: After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app. The screen recording capability comes from what's called an "entitlement" -- a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn't common and would require Apple's explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn't find any other apps with the entitlement live on the App Store. "It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach said. "Considering Uber's past privacy issues I am very curious how they convinced Apple to allow this."

3 of 91 comments

  1. "Smart" just means "treacherous" by jabberw0k · Score: 1, Interesting

    There's a reason why some of us only use free software on free operating systems, and this kind of abuse is a perfect example of what happens when you trust proprietary software on a closed operating system. If you use a so-called "smart" device, you are a patsy, a mark, a willing victim. Stop hurting yourself.

  2. Re:There goes Apple's reputation for security. by Anonymous Coward · Score: 2, Interesting

    Oh fuck off Nancy. Are you seriously going to thrash Apple, when Google has been letting Android and its apps use you like a bitch for the past decade?

    I love how the blinders are up whenever horrible fucking practices are used by open source and Android developers, and suddenly you're outraged at Apple for what is probably a fuck up by an employee who didn't know better.

    Fuck this place and its users. What a bunch of narcissistic losers.

  3. Re:Assholes ... by currently_awake · Score: 4, Interesting

    I consider the bigger issue that Apple can bypass your security settings at will, with no notification. I don't know how legal this is, but we can assume police and intelligence agencies are currently making use of this because Apple spent money to MAKE this feature.