Apple granted Uber’s iPhone app special privileges by giving the car-hailing service a potential ability to record their customers’ phone screens and access other personal data without their knowledge, cyber security experts say.
The extremely sensitive permission, also known as ‘entitlement,’ was discovered by security researcher Will Strafach, CEO of Sudo Security Group.
An entitlement is a piece of code that app developers can use to interact with certain Apple systems, such as the camera or Apple Pay, on iPhones and iPads.
What is extremely unusual about the particular entitlement granted to Uber is that it would have required Apple’s explicit permission, Strafach told Business Insider.
and there we have it! these shenanigans are likely what got Tim Cook upset with Uber
He told Business Insider that Uber was the only app currently available in the App Store which possesses the entitlement coded as ‘com.apple.private.allow-explicit-graphics-priority,’ stressing that such a revelation is “very odd,” especially as he checked “tens of thousands of other apps.”
“Granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell, no other app developers have been able to convince Apple to grant them entitlements they’ve needed to let their apps utilize certain privileged system functionality,” Strafach said.
Uber has acknowledged the situation, saying Apple gave it permission to use the private entitlement for a previous version of its Apple Watch app, to aid in the supply of maps on the iPhone. It said the entitlement is not currently being used.
“Apple gave us this permission because early versions of Apple Watch were unable to adequately handle the level of map rendering in the Uber app,” Uber representative Melanie Ensign told Business Insider. “Subsequent updates to Apple Watch and our app removed this dependency and we’re working with Apple to remove the API completely.”
Referring to the piece of code, an Uber spokesperson told BuzzFeed that the company is “working with Apple to remove it completely ASAP.”
The spokesperson said the entitlement “isn’t connected to anything in our current codebase, meaning it’s non-functional and there’s no existing feature using it.”
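The kind of survey Strafach describes, checking many apps for an entitlement that third parties would not normally hold, can be sketched as follows. This is an added example, not code from the article or from Sudo Security Group; it assumes each app's entitlements have already been extracted from its code signature as a plist, treats the `com.apple.private.` prefix of the key quoted above as the marker to flag, and uses constructed sample apps with hypothetical names and values.

```python
import plistlib
from collections import defaultdict
from xml.parsers.expat import ExpatError

# Assumption: the namespace of the key quoted in the article marks private entitlements.
PRIVATE_PREFIX = "com.apple.private."

def _plist(entries: str) -> bytes:
    """Wrap <key>/<value> pairs in a minimal XML plist (constructed sample data)."""
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<plist version="1.0"><dict>' + entries + '</dict></plist>').encode()

# Constructed samples: app names, identifiers and values are hypothetical.
SAMPLE_APPS = {
    "ride-app": _plist(
        "<key>application-identifier</key><string>TEAMID.example.ride</string>"
        "<key>com.apple.private.allow-explicit-graphics-priority</key><true/>"),
    "notes-app": _plist(
        "<key>application-identifier</key><string>TEAMID.example.notes</string>"
        "<key>com.apple.developer.in-app-payments</key>"
        "<array><string>merchant.example.notes</string></array>"),
    "broken-app": b"not a plist",  # an extraction failure the survey must not hide
}

def private_entitlements(plist_bytes: bytes) -> dict:
    """Return the entitlements in one plist whose key is in the private namespace."""
    data = plistlib.loads(plist_bytes)
    if not isinstance(data, dict):
        raise ValueError("entitlements plist is not a dictionary")
    return {k: v for k, v in data.items() if k.startswith(PRIVATE_PREFIX)}

def survey(apps: dict) -> tuple:
    """Map each private entitlement to the apps holding it; list unreadable apps."""
    holders, unreadable = defaultdict(list), []
    for name, blob in apps.items():
        try:
            for key in private_entitlements(blob):
                holders[key].append(name)
        except (ValueError, ExpatError):  # InvalidFileException is a ValueError
            unreadable.append(name)
    return {k: sorted(v) for k, v in holders.items()}, sorted(unreadable)

if __name__ == "__main__":
    holders, unreadable = survey(SAMPLE_APPS)
    for key, names in holders.items():
        print(f"{key}: held by {len(names)} app(s): {', '.join(names)}")
    print("could not parse:", ", ".join(unreadable) or "none")
```

An entitlement held by a single app across a large sample is the outlier such a survey surfaces; apps whose plist could not be parsed are reported separately so they are not silently counted as clean.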