Security researcher Will Strafach recently revealed that Apple selectively grants (what's known as an "entitlement") Uber a powerful ability to use the newly introduced screen-recording API with intent to improve the performance of the Uber app on Apple Watch.The screen-recording API allows the Uber app to record user's screen information even when the app is closed, giving Uber access to all the personal information passing through an iPhone screen.
What's more? The company's access to such permission could make this data vulnerable to hackers if they, somehow, able to hijack Uber's software.
"It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach told Gizmodo, who first reported about the issue. "Considering Uber's past privacy issues I am very curious how they convinced Apple to allow this."Shortly after the public disclosure, Uber said it would remove the entitlement code from its iPhone app's codebase that lets the ride-sharing app record the screen even if running in the background.
Although it's unclear when or for how long Uber's iPhone app has had this permission, Uber spokesperson said in a tweet that the entitlement was used for an old version of the Apple Watch app and was provided to Uber because the original Apple Watch could not render maps.However, due to upgrades to Apple Watch and the Uber app, the company does not need this permission anymore.
This is not the first privacy concern surrounding Uber. Late last year, the ride-hailing company was found tracking its users' locations even after their rides ended.
Uber was also in controversies at the mid of last year for monitoring the battery life of its users, as the company believed that its users were more likely to pay a much higher price to hire a cab when their phone's battery is close to dying.