Apple allows Uber to record anything on your iPhone's screen

Discussion in 'iPhone' started by KiwiAdventure, Oct 9, 2017.

Thread Status:
Not open for further replies.
  1. KiwiAdventure Suspended

    Joined:
    Dec 7, 2010
    Location:
    New Zealand
    #1
    Apple has granted an undocumented private app permission that allows Uber to record anything on your iPhone's screen without your knowledge.

    Security researcher Will Strafach made the discovery of the feature, which has long existed on apps of jailbroken devices without permission from Apple.

    What makes this case unique is Uber is the only third-party app to be given private access to the feature by Apple - a conclusion Strafach made after indexing thousands of app binaries.

    Apple expert and jailbreak author Luca Todesco said apps can generally only write to the iPhone's framebuffer - part of the phone's memory that contains pixel and display data.

    However, he said this permission means Uber has been given the ability to read or write.

    "Writing is always possible from an app using normal rendering services, which draw to framebuffer on your behalf," he told ZDNet.

    "Reading allows you to look at the device's screen."

    Todesco said it was the equivalent of giving Uber the ability of keylogging - the use of a computer program to record every keystroke made by a user, especially in order to gain fraudulent access to passwords and other confidential information.

    "I find this very frightening and dangerous," he said.

    The Apple expert added the feature also "paints a pretty big target on top of the app" for hackers looking exploit the permission.

    An Uber spokesman said that the code had been implemented to improve rendering on its Apple Watch app.

    "It's not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production," the spokesman said.

    "This API would allow maps to render on your phone in the background and then be sent to your Apple Watch."

    Uber said subsequent updates to the Apple Watch and its own app had improved rendering, so the company would be removing the function completely.

    This isn't the first time Uber has been exposed for privacy issues, with The New York Times reporting the company had violated Apple's rules after it was discovered it had been tracking iPhones after the app was deleted.

    Strafach said he was shocked to see that even after Apple chief executive Tim Cook threatened to kick Uber out of the App Store, the company somehow managed to convince "Apple to let them have exclusive access to this privileged entitlement".

    "It seems they got special treatment and do not want to directly admit it," he said.
    Apple is yet to comment
     
  2. AnthonyG6 macrumors regular

    AnthonyG6

    Joined:
    Sep 13, 2017
    #3
    Old news.

    It would be interesting to know if any other apps have similar permissions that are still active?
     
  3. eyoungren macrumors Core

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    ten-zero-eleven-zero-zero by zero-two
    #4
    @KiwiAdventure The title of your post is clickbaity and misleading.

    While you are correct, based on this news, that this could be done, it's not what Uber was doing and has already been removed in an update.
     
  4. Phil A. Moderator

    Phil A.

    Staff Member

    Joined:
    Apr 2, 2006
    Location:
    Shropshire, UK
    #5
    Mod note
    as mentioned above, there is already a news article on this topic, so I'm closing this thread
     
Thread Status:
Not open for further replies.

Share This Page

4 October 9, 2017