# Researchers: Uber’s iOS App Had Secret Permissions That Allowed It to Copy Your Phone Screen



## BurgerTiime (Jun 22, 2015)

https://gizmodo.com/researchers-uber-s-ios-app-had-secret-permissions-that-1819177235

To improve functionality between Uber's app and the Apple Watch, Apple allowed Uber to use a powerful tool that could record a user's iPhone screen, even if Uber's app was only running in the background, security researchers told Gizmodo. After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app.

The screen recording capability comes from what's called an "entitlement"-a bit of code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay. This particular entitlement, however, was intended to improve memory management for the Apple Watch. The entitlement isn't common and would require Apple's explicit permission to use, the researchers explained. Will Strafach, a security researcher and CEO of Sudo Security Group, said he couldn't find any other apps with the entitlement live on the App Store.

"It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Strafach said. "Considering Uber's past privacy issues I am very curious how they convinced Apple to allow this."

Although the entitlement isn't intended for this, the worry is that Uber-or a hacker who managed to break into Uber's network-could silently monitor activity on an iPhone user's screen, harvesting passwords and other personal information. "Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen. So they can potentially draw or record the screen," explained Luca Todesco, a researcher and iPhone jailbreaker. "It can potentially steal passwords etc."

If a user happened to have Lyft installed on their phone too, the entitlement could theoretically be used to monitor how the individual used a competitor's app-a wild theory, maybe, but not entirely outlandish given Uber's use of software nicknamed "Hell" to track drivers who worked for both Uber and Lyft. Alternatively, it's possible that Apple sandboxed the entitlement to prevent it from accessing data outside Uber's app.

Uber says the entitlement was used for something far less nefarious than tracking drivers or surveilling users: improving performance in its Apple Watch app. Strafach noted that he looked for indications that the entitlement had been used maliciously and found none.

"It was used for an old version of the Apple Watch app, specifically to run the heavy lifting of rendering maps on your phone & then send the rendering to the Watch app," an Uber spokesperson told Gizmodo, saying that early Apple Watches couldn't handle this process alone. "This dependency was removed with previous improvements to Apple's OS & our app. Therefore, we're removing this API from our iOS codebase."

The entitlement first appeared in Uber's app around the time of the original Watch launch in 2015, according to Strafach. Apple only gave developers about four monthsbefore the official release of the Watch to slim down their apps and make them work on the new device, so it's conceivable that Apple granted the entitlement to Uber in order to meet that tight launch deadline.

"Apple gave us this permission years because Apple Watch couldn't handle our maps rendering. It's not connected to anything in our current codebase," Uber's spokesperson explained. Gizmodo asked Apple about why the entitlement was granted and will update if we hear back.

What we do know, though, is that Uber prepared its Watch app within the four-month window and was featured prominently during Apple's March 2015 keynote about the Watch. Kevin Lynch, Apple's VP of technology, demoed Uber's Watch app onstage, showing how a rider could request a car and track its progress on a map, just as the app would work on the iPhone.

Although consumers might be skeptical of Uber's privacy provisions, the company has a history of collaborating with Apple on privacy. After being wrist-slapped by Tim Cook over its device fingerprinting practices, Uber worked with Apple on the development of DeviceCheck, a fingerprinting tool used to fight fraud.


----------



## SurgeMasterMN (Sep 10, 2016)

*Uber app can silently record iPhone screens, researcher finds*
Uber is thought to be the only third-party app that was given access to the private, undocumented feature.


By Zack Whittaker for Zero Day | October 5, 2017 -- 20:11 GMT (13:11 PDT) | Topic: Security


0
discovered this week that Uber had been granted an undocumented private app permission allowing access to the screen-recording feature. It's one of many "entitlements" that allow developers to tap into features of an iPhone or iPad that are normally off limits to most app developers, unless they have been granted special permission by Apple.

Many screen-recording apps use this entitlement without permission, such as iRec, which run on jailbroken devices.

Strafach said that to his knowledge, based on thousands of app binaries he has indexed, Uber is the only third-party app that was given a private entitlement.

Other iPhone and iPad app developers said the move was unprecedented.

ADVERTISING
Apple expert and jailbreak author Luca Todesco told ZDNet that it was an "extremely dangerous use case."

Todesco explained that the specific entitlement, known as "com.apple.private.allow-explicit-graphics-priority," allows a developer to read or write to the iPhone's framebuffer, a part of the phone's memory that contains pixel and display data. "Writing is always possible from an app using normal rendering services, which draw to framebuffer on your behalf," he said. "Reading allows you to look at the device's screen."

"It's the equivalent of giving keylogging ability to apps," he said.


The Security Challenge For SMBs in a Mobile World

There's a big change happening in how small and medium-sized businesses (SMBs) think about IT security as they take advantage of mobility and the cloud. They're recognizing the need for mobile device management (MDM), cloud security, and the importance of choosing the right devices.

White Papers provided by Microsoft Surface
He also warned that it adds "a significant weakness" to users of Uber's app, because gaining code execution rights would let an attacker log user's credentials. "It paints a pretty big target on top of the app," he said.

"I find this very frightening and dangerous," he said.

An Uber spokesperson said that the code was used to improve the rendering on its Apple Watch app.

"It's not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production," said a spokesperson. "This API would allow maps to render on your phone in the background and then be sent to your Apple Watch," they added.

"Subsequent updates to Apple Watch and our app removed this dependency, so we're removing the API completely," said the spokesperson.

It's the latest in a long history of privacy issues and violations centered on Uber and its app.

It's the latest in a long history of similar Uber-related privacy issues, including programs used to track drivers of competing service Lyft, and other secret programs aimed at discovering and frustrating efforts by law enforcement and undercover authorities.

The New York Times reported earlier this year that Apple chief executive Tim Cook threatened to kick Uber out of the Apple App Store after Uber was caught violating its rules by tracking iPhones after the app was deleted.

Strafach said he didn't know how, "even after [Uber] previously abused" the rules, Uber still "convinced Apple to let them have exclusive access to this privileged" entitlement.

"It seems they got special treatment and do not want to directly admit it," he said.

When reached, an Apple spokesperson did not comment.

Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Read More

http://www.zdnet.com/article/uber-app-can-silently-record-iphone-screens-researcher-finds/


----------



## Spotscat (May 8, 2017)

Uber involved in more shenanigans involving invasion of privacy.

Imagine that...


----------



## PrestonT (Feb 15, 2017)

or a "scat spotter"?


----------



## MHR (Jul 23, 2017)

https://amp.businessinsider.com/uber-iphone-app-secret-access-sensitive-apple-features-2017-10

Another story about this.


----------



## uberdriverfornow (Jan 10, 2016)

is there anything sinister off limit to Uber ? I mean, there's probably a boatload of more sinister stuff

they never seem to amaze people with their creepiness, it's likely this was to see if Lyft is also on the home screen


----------



## Jo3030 (Jan 2, 2016)

More scams from Uber?
No way!


----------



## uberdriverfornow (Jan 10, 2016)

> To improve functionality between Uber's app and the Apple Watch


What the hell does that even mean ? No reason you need to see the home screen to make Apple Watch run better and I'm sure it's no surprise it's called Apple "Watch".


----------



## d0n (Oct 16, 2016)

Hahahah, morons.

Travis loves ****ing with lions, Mac does one of the most secured OS on the planet and they decided to keep going at it.

The idiots over at uber should actually sink cash on shit that is undetectable like the future air gap viruses being worked on, pay Israel hackers, **** Travis, it's your people.


----------



## TimyTim (May 26, 2017)

They gave permission to the worst possible company. I hope Apple learns their lesson over this. Really stupid and I hate Apple even more. Just another reason to make the switch.


----------



## Jo3030 (Jan 2, 2016)

More scams from Uber.
Surprise surprise!


----------



## peteyvavs (Nov 18, 2015)

Uber SUCKS!!!!!!!!!!!!!!


----------



## driverdoug (Jun 11, 2017)

This is outrageous.


----------

