Apple Gave Uber ‘iPhone Backdoor’ Allowing Covert Screens & Data Access
Apple granted Uber’s iPhone app special privileges by giving the car-hailing service a potential ability to record their customers’ phone screens and access other personal data without their knowledge, cyber security experts say.
The extremely sensitive permission, also known as ‘entitlement,’ was discovered by security researcher Will Strafach, CEO of Sudo Security Group.
Entitlement is a piece of code which app developers can use to interact with certain Apple systems like the camera or Apple Pay on iPhones and iPads.
What is extremely unusual about the particular entitlement granted to Uber is that it would have required Apple’s explicit permission, Strafach told Business Insider.
He told Business Insider that Uber was the only app currently available in the App Store which possesses the entitlement coded as ‘com.apple.private.allow-explicit-graphics-priority,’ stressing that such a revelation is “very odd,” especially as he checked “tens of thousands of other apps.”
“Granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell, no other app developers have been able to convince Apple to grant them entitlements they’ve needed to let their apps utilize certain privileged system functionality,” Strafach said.
Uber has acknowledged the situation, saying Apple gave it permission to use the private entitlement for a previous version of its Apple Watch app, to aid in the supply of maps on the iPhone. It said the entitlement is not currently being used.