Wednesday 18 October 2017

Uber app can secretly record everything on your iPhone's screen - researchers

New Uber CEO Dara Khosrowshahi

Aatif Sulleyman

Uber could record everything on your iPhone’s screen, even when the app is running in the background, security researchers have discovered.

The software has been found to have a special permission, which is off-limits to most app developers, that allows it to monitor everything iPhone users look at on their handsets, including passwords and private pictures.

Uber says the feature is not in use and will be removed, but the fact it theoretically could have allowed the company to spy on customers' sensitive personal data is extremely worrying.

It was spotted by security researcher Will Strafach, who described it as “very unusual” and said it was “totally unprecedented” that Apple granted such a permission to the taxi-hailing app company.

Fellow security researcher Luca Todesco added, “What???? Uber has this? It allows them to record the screen even when app is closed and potentially steal sensitive info.”

The entitlement isn’t commonly granted, and Uber would have had to get direct permission from Apple in order to implement it.

“It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature,” Mr Strafach told Gizmodo.

“Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.”

According to Uber spokesperson Melanie Ensign, the permission was granted in order for Uber to work better with the Apple Watch.

An Uber spokesperson told the Independent: “This API was only used for a short period of time on an old version of our Apple Watch app. It enabled the app to run the memory-intensive rendering of maps on the iPhone and then send the image to the Watch app.

"It was never used for any other purpose and has been nonfunctional in our code for quite some time. The memory limitation of Apple Watch was fixed by subsequent updates in the OS and we've issued an update to our app to remove the API completely."

Uber’s future in London is in doubt, with TfL saying the company is not a “fit and proper” private car hire firm.

One of the reasons for the impending ban – which Uber is appealing – is the company’s use of Greyball, secret software designed to identify individual users and help Uber avoid law enforcement.

Independent News Service