Apple gave Uber’s iPhone app access to a secret backdoor that potentially allows the company to record a user’s screen and access other personal information without his or her knowledge.
U.S. (Next Media) – Apple gave Uber’s iPhone app access to a secret backdoor that potentially allows the company to record a user’s screen and access other personal information without his or her knowledge.
According to Business Insider, Uber does not mention the backdoor is any consumer-facing information included with their app.
Apple’s backdoor is so powerful, it rarely allows third-party companies to access the feature.
Security researcher Will Strafach discovered the situation and told Business Insider, “granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell, no other app developers have been able to convince Apple to grant them entitlements they’ve needed to let their apps utilize certain privileged system functionality.”
There’s no evidence that Uber used the special iPhone feature. Uber told Business Insider the code was not being used and was a leftover from an earlier version of its Apple Watch app.
A majority of iPhone apps use software to enable features like the camera or ApplePay known as “entitlements.”
Many of these can be easily turned on by outside app creators. But certain entitlements are only used by Apple to allow optimal integration with the iPhone.
Uber’s app was found to be the only app other than Apple’s own apps granted access to the entitlement, Strafach said in an email to Business Insider.
Uber says the entitlement isn’t being used, and it is working with Apple to remove the API completely from the app.