09 October 2017

Gizmodo: “Uber’s iOS App had Secret Permissions that allowed it to Copy your Phone Screen”

The screen recording capability comes from what’s called an “entitlement”—a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn’t common and would require Apple’s explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn’t find any other apps with the entitlement live on the App Store.

It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature, Strafach said. Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.

Kate Conger

Tell me again how Apple is the ultimate defender of user privacy! Until they need help promoting one of their products, then all principles fly out of the window.

What if the meeting between Tim Cook and Travis Kalanick in early 2015 wasn’t about warning Kalanick to stop circumventing Apple’s rules, but instead to ask for Uber’s help in testing Apple Watch apps?!

Post a Comment