Uber Says It’s Removing Secret Screen-Viewing Access To iOS Devices

Uber’s seemingly endless quest to know (and potentially control) everything it could about the users of the company’s app turns out to have had some help from Apple.

In an unprecedented move, Apple appears to have granted the ride-hailing company’s app the ability to access iOS devices’ frame buffer directly, which included the ability to see what was showing on the device’s screen. The capability was announced on Twitter by security researcher Will Strafach.

According to Strafach, the Uber app is the only instance he’s found during searches of thousands of apps that allows this. Despite its security and privacy implications, this capability was disclosed by neither Uber nor Apple. However, this is hardly the first time Uber has been found to violate its customers’ privacy or push the boundaries of legality in the way its app works.

Uber screen tracking

Uber, for example, has been prevented from tracking its customers when they’re not using the app only because iOS 11 requires apps to offer the choice of allowing location services only while the app is running, which is supposed to be the default condition.

However, even with that, I’ve noticed that the Uber app sometimes seems to quietly get switched to always allowing such location services once I’ve invoked the Uber app, until I specifically go and switch it back off.

But it’s not just me. Uber also went to the extent of tracking the location of law enforcement and regulatory officials, and then providing them with a fake app that ensured they couldn’t flag down a ride with an Uber driver.

Uber also reportedly found a way to track drivers working for its competitor Lyft. This pushing of the limits and other reports of bad behavior may have come home to roost as the city of London has announced that Uber’s license to operate will not be renewed because of such activities.

In this case, the access to the frame buffer was due to the inability of the Apple Watch to render maps needed by the Uber app when displaying the location of an Uber ride. Because the Watch couldn’t do the rendering on its own, the Uber app would render the map on the iOS device and send the already-rendered result to the Watch.

For this to happen, Apple had to grant permission in the form of what it calls an “entitlement.” This means that the specific app has the ability to invoke a function that’s normally restricted for use by Apple itself. Normally, Apple doesn’t allow this, and when the company finds that app developers have used its private entitlements, it will remove the app from the App Store.
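The kind of search the article describes, looking across many apps for restricted entitlements, can be sketched as follows. This is an added example, not code from the article or from Strafach. It assumes each app's entitlements have already been extracted as a property list and that Apple-internal entitlements carry the `com.apple.private.` key prefix; the app names and the entitlement key in the sample data are constructed placeholders.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Assumption: keys under this prefix are reserved for Apple's own software.
PRIVATE_PREFIX = "com.apple.private."

def private_entitlements(plist_bytes):
    """Return the sorted private-namespace entitlement keys that are granted."""
    ents = plistlib.loads(plist_bytes)
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must have a dictionary at its root")
    # A key explicitly set to False is declared but not granted, so skip it.
    return sorted(key for key, value in ents.items()
                  if key.startswith(PRIVATE_PREFIX) and value is not False)

def audit(apps):
    """Return (findings, errors): app -> private keys, and unparseable apps."""
    findings, errors = {}, []
    for name, blob in apps.items():
        try:
            hits = private_entitlements(blob)
        except (ValueError, ExpatError):
            # Unreadable entitlements deserve manual review, not silence.
            errors.append(name)
            continue
        if hits:
            findings[name] = hits
    return findings, errors

# Constructed sample data: two well-formed entitlement sets and one corrupt blob.
SAMPLE_APPS = {
    "ride-app": plistlib.dumps({
        "application-identifier": "TEAMID.com.example.ride",
        "aps-environment": "production",
        "com.apple.private.example-restricted-capability": True,  # placeholder key
    }),
    "notes-app": plistlib.dumps({
        "application-identifier": "TEAMID.com.example.notes",
        "com.apple.security.application-groups": ["group.com.example.notes"],
    }),
    "broken-app": b"not a plist",
}

if __name__ == "__main__":
    findings, errors = audit(SAMPLE_APPS)
    for app, keys in findings.items():
        print(f"{app}: private entitlements granted: {', '.join(keys)}")
    for app in errors:
        print(f"{app}: entitlements could not be parsed")
```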

Originally published on eWeek


Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.
