Uber’s iPhone App Found To Have Privileged Access To User Information

Reports indicate that Uber’s iPhone app possesses a backdoor which gives it access to features of Apple and this allows it the ability to record the screen of a user as well as secretly obtain the user’s personal information. This is not however disclosed to consumers when they are installing the app despite the fact that Apple almost always never allows this to third parties.

However there is no indication that the ride-hailing service exploited this backdoor access to its advantage, the revelation is bound to raise serious queries for a firm that is already being investigated for various controversial business practices. Uber has also previously been caught violating App Store rules and its corporate culture has been widely criticized.

Apple Watch code

After the information about the backdoor code became public the ride-hailing firm came out publicly to deny the code was being used and asserted the code was a holdover from an old version of an app it had developed for the Apple Watch. This did not however manage to calm the fears of experts.

“Granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell, no other app developers have been able to convince Apple to grant them entitlements they’ve needed to let their apps utilize certain privileged system functionality,” security researcher Will Strafach said in an interview with Business Insider.

Private Apple entitlement

According to Strafach who discovered Uber’s backdoor code, the ride-hailing firm was using the functionality to allow for graphics such as maps. But among the tops apps on the App Store only Uber had this private Apple entitlement. Uber has said that this permission was granted to it by Apple as a way of rendering maps on iPhones. The ride-hailing firm has indicated that at the moment it is working with the iPhone maker to get rid of the code completely.

Due to the fact that Apple almost never gives permission to these private entitlements, one reason that has been proposed as to why Uber was allowed to have the backdoor code was because the Uber app was used during the 2015 launch of the Apple Watch. The Uber app was also a launch app then.

Related posts