Uber’s iOS App Had Permission to Record Your Phone’s Screen

Uber has been caught secretly tracking both their employees and customers through their app in the past, but things just got a whole lot scarier.

According to Gizmodo, security researchers confirmed that Apple gave Uber permission to record a user’s iPhone screen, even if their app was only running in the background:

The screen recording capability comes from what’s called an “entitlement”—a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn’t common and would require Apple’s explicit permission to use, the researchers explained.

According to Will Strafach, a security researcher and CEO of Sudo Security Group, no other app in the App Store has this permission. “It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature,” Strafach said. “Considering Uber’s past privacy issues I am very curious how they convinced Apple to allow this.”

Even though this was not the intention, many fear that this feature could be hacked and used to monitor customers’ screens in order to gain important information, or used by Uber to track how customers use their competitor, Lyft.

But, they’re still claiming it’s about the Apple Watch:

“It was used for an old version of the Apple Watch app, specifically to run the heavy lifting of rendering maps on your phone & then send the rendering to the Watch app,” an Uber spokesperson told Gizmodo, saying that early Apple Watches couldn’t handle this process alone and the tool was never used for anything other than rendering maps. “This dependency was removed with previous improvements to Apple’s OS & our app. Therefore, we’re removing this API from our iOS codebase.”

“You should know this API isn’t connected to anything in our current codebase, meaning it’s non-functional and there’s no existing feature using it,” said an Uber spokesperson in an emailed statement to Buzzfeed. “We are working with Apple to remove it completely ASAP.”

Yeah, don’t use Uber.

[Via Gizmodo]