Uber App Found To Have Special iPhone Screen Recording Permission
Uber's iPhone app has a special permission (entitlement) that has some privacy experts upset. Security researcher Will Strafach recently made the entitlement public in the form of a tweet, and Uber has since confirmed it in a roundabout way, saying that it is used to improve the way the app renders on the Apple Watch.
As Strafach notes in his tweet below, the entitlement is "com.apple.private.allow-explicit-graphics-priority" and is a special permission that, it is thought, only Uber has been granted. This entitlement grants Uber access to the device's screen recording feature, something typically only available unofficially in certain apps that leverage jailbroken iPhones.
With this permission, Uber's app can get access to read or write to the iPhone's frame buffer, the reading part being the big concern. Talking about this, Apple expert Luca Todesco said to ZDNet, "It's the equivalent of giving keylogging ability to apps."
This has raised concerns about what could happen with such permission, but Uber swears it isn't doing anything nefarious with the special permission. Via a spokesperson speaking to ZDNet, Uber said that the entitlement isn't "connected to anything else in our current codebase," referring to its aforementioned use with the Apple Watch app. The spokesperson went on to indicate that steps to remove the permission were already underway before news of the entitlement went public.
Uber has long faced criticism across multiple fronts, one of them being in the area of privacy. The company previously used a function that allowed the Uber app to track up to the last five minutes of an Uber rider's trip after they left the vehicle. The action was said to be part of an effort to improve pickup and drop-off locations, but backlash from users and politicians alike contributed to its eventual demise.
SOURCE: ZDNet