Uber Had Access to Backdoor that Allowed Its iOS App to Record Screen

Uber and Volvo Are Launching new Self-Driving Vehicles

For better part of last several years, Uber managed to attract a lot of criticisms over the company’s violation of different regulations. Most of these violations were related to the company abusing its application to record users’ data without their knowledge. Apple on the other hand, boasted itself on being a privacy-focused company for a long period of time. Interestingly enough, security researchers have pointed out a backdoor used by only Uber that which would allow Uber’s application to capture a user’s iPhone screen even if the application was running only in the background.

As of now, Uber is the only non-Apple app that was using the code. According to Uber, Apple had given the company access to the code to improve app’s performance on the Apple Watch. The code allowed the company to render Uber maps on iPhone and send to Apple Watch to provide better user experience. However, the code could have allowed the company or any attacker hacking the company’s network to monitor an iPhone’s screen and steal personal information.

Talking about the latest problem, Will Strafach, commented on Twitter, “It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature. Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.”

Since the discovery of the code, Uber revealed that updates to the original Apple Watch means that no feature of the application is currently using the code. The company revealed that it is currently working with Apple to remove the code completely. Despite that, Apple’s decision to allow a shady company like Uber using such feature is highly surprising since Uber has been in the news for better part of this year for all sort of negative reasons. Recently, the company got its license revoked in London. As a result, it will be worthwhile to see how soon Apple decides to remove the API completely.

Featured Image: Pixabay/rhysadams

Related Articles