An ‘unprecedented’ level of access granted to Uber’s iPhone app means the firm could be watching your every move.
Apple has given the company special powers that could be used to record a user’s screen and access other sensitive data without their knowledge or permission.
Experts have warned that the feature, which is not listed in any of Uber’s public information, may be available even when the app is closed.
Security researcher Will Strafach first raised the alarm on Twitter, after uncovering an unusual portion of the app’s code.
Mr Strafach checked this against tens of thousands of other apps on the App Store and found that Uber was the only non-Apple software to include the string of data, known as an entitlement.
This gives the app permission to use abilities normally reserved for Apple’s proprietary programs.
Speaking to Business Insider, he said: ‘Granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell.
‘No other app developers have been able to convince Apple to grant them entitlements they’ve needed to let their apps utilise certain privileged system functionality.
‘It is very odd to see Uber as the only app besides Apple’s own apps granted access to this sensitive entitlement.’
Apps for the iPhone and iPad use entitlements to enable functions like the camera and Apple Pay.
Some, marked com.apple.private, are normally strictly reserved to provide Apple’s own products full functionality.
Third-party apps that contain these sections of code are routinely rejected from the App Store.
The specific permission in question is known as com.apple.private.allow-explicit-graphics-priority.
It lets developers read and write to part of the device’s memory that contains pixel and display data.
This could allow an app’s owner to access and record any information currently being displayed.
There is no suggestion that Uber has ever used this ability.
The San Francisco-based firm says it is a legacy of a previous app version developed for the Apple Watch.
In a statement, Uber spokesman Melanie Ensign said: ‘Apple gave us this permission because early versions of Apple Watch were unable to adequately handle the level of map rendering in the Uber app.
‘Subsequent updates to Apple Watch and our app removed this dependency and we’re working with Apple to remove the API completely.’
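The kind of check described above, flagging entitlement keys under the com.apple.private prefix, can be sketched as follows. This is an added example, not code from the article or from the researcher; the sample plist, bundle ID and team ID are constructed, and the function name is hypothetical.

```python
import plistlib

PRIVATE_PREFIX = "com.apple.private."

# Constructed sample: an entitlements plist shaped like the one embedded in an
# app's code signature. The bundle ID and team ID are made up.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>ABCDE12345.com.example.rides</string>
    <key>com.apple.developer.in-app-payments</key>
    <array><string>merchant.com.example.rides</string></array>
    <key>com.apple.private.allow-explicit-graphics-priority</key>
    <true/>
</dict>
</plist>
"""

def audit_entitlements(plist_bytes):
    """Split enabled entitlement keys into Apple-private and ordinary ones."""
    try:
        entitlements = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed or truncated plist
        raise ValueError(f"not a valid entitlements plist: {exc}") from exc
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must be a dictionary")
    report = {"private": [], "other": []}
    for key, value in sorted(entitlements.items()):
        # A key explicitly set to false grants nothing, so skip it.
        if value is False:
            continue
        bucket = "private" if key.startswith(PRIVATE_PREFIX) else "other"
        report[bucket].append(key)
    return report

if __name__ == "__main__":
    result = audit_entitlements(SAMPLE_ENTITLEMENTS)
    for key in result["private"]:
        print("FLAG private entitlement:", key)
    print("other entitlements:", ", ".join(result["other"]))
```

Run over the entitlements of every app in a managed fleet, a report like this surfaces any third-party app holding a key normally reserved for Apple's own software.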