Uber app can secretly record everything on your iPhone's screen, researchers find

Uber App Demo


Uber has acknowledged the situation, saying Apple gave it permission to use the private entitlement for a previous version of its Apple Watch app, to aid in the supply of maps on the iPhone.

The entitlement was spotted by security researcher Will Strafach, who described it as "very unusual" and said it was "totally unprecedented" that Apple granted such a permission to the taxi-hailing app company.

Apple granted Uber special capabilities, including access to certain users' iPhone screens, according to multiple reports published Thursday.

Gizmodo's Kate Conger speculated that Apple may have granted the entitlement to Uber because it wanted to show that the Apple Watch had a functioning Uber app at its release. "Subsequent updates to Apple Watch and our app removed this dependency, so we're removing the API completely".

However, the researchers found that Uber is using one such entitlement, named "com.apple.private.allow-explicit-graphics-priority". While Uber only needed it to complete a project prior to March 2015, it remained in Uber's iOS app for more than two years.

"It's not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production. Uber has this? It allows them to record the screen even when app is closed and potentially steal sensitive info". "So they can potentially draw or record the screen", explained Luca Todesco, a researcher and iPhone jailbreaker.

Strafach told Gizmodo that although he looked for indications that the entitlement had been used for malicious purposes, he was unable to find any evidence of such activity. "I guess there is some kind of extremely special relationship there, considering Apple granted them exclusive access to a privileged IOKit API a little while after they were abusing other unrelated IOKit APIs in violation of the App Store rules (with no repercussions at all)". "Stop the trickery or Uber's app would be kicked out of Apple's App Store", Cook reportedly warned Kalanick during the meeting.

The entitlement first appeared in Uber's app around the time of the original Watch launch in 2015, according to Strafach. Such a possibility can't be ruled out entirely, because in the past Uber has used programs to track drivers of rival Lyft.

Given the history of Uber, it would not be wrong to say that the company may have used it to track how often a customer opens other ride-hailing apps.

Kevin Lynch, Apple's VP of technology, demoed Uber's Watch app onstage, showing how a rider could request a vehicle and track its progress on a map, just as the app would work on the iPhone.