Uber app can secretly record everything on your iPhone’s screen, researchers find

'I am very curious how they convinced Apple to allow this'

Aatif Sulleyman
Friday 06 October 2017 19:34 BST


Uber could record everything on your iPhone’s screen, even when the app is running in the background, security researchers have discovered.

The software has been found to have a special permission, which is off-limits to most app developers, that allows it to monitor everything iPhone users look at on their handsets, including passwords and private pictures.

Uber says the feature is not in use and will be removed, but the fact it theoretically could have allowed the company to spy on customers' sensitive personal data is extremely worrying.

It was spotted by security researcher Will Strafach, who described it as “very unusual” and said it was “totally unprecedented” that Apple granted such a permission to the taxi-hailing app company.

Fellow security researcher Luca Todesco added, “What???? Uber has this? It allows them to record the screen even when app is closed and potentially steal sensitive info.”

The entitlement isn’t commonly granted, and Uber would have had to get direct permission from Apple in order to implement it.

“It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature,” Mr Strafach told Gizmodo.

“Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.”

According to Uber spokesperson Melanie Ensign, the permission was granted in order for Uber to work better with the Apple Watch.

An Uber spokesperson told The Independent: “This API was only used for a short period of time on an old version of our Apple Watch app. It enabled the app to run the memory-intensive rendering of maps on the iPhone and then send the image to the Watch app.

"It was never used for any other purpose and has been nonfunctional in our code for quite some time. The memory limitation of Apple Watch was fixed by subsequent updates in the OS and we've issued an update to our app to remove the API completely."

Uber’s future in London is in doubt, with TfL saying the company is not a “fit and proper” private car hire firm.

One of the reasons for the impending ban – which Uber is appealing – is the company’s use of Greyball, secret software designed to identify individual users and help Uber avoid law enforcement.
