According to security researchers, Uber’s iOS application has permission to record users' screens and anything on them, including passwords, messages or any other critical information. The researchers suggest, though, that this is meant to make the Uber app work more efficiently and smoothly with Apple Watch.
Apple allowed Uber to use a powerful tool called an entitlement, a snippet of code that can be used to perform various activities such as setting up push notifications, enabling in-app payments, or interacting with Apple’s iCloud. This particular entitlement also allows recording the user's entire screen, even when the app is running in the background.
Researchers claim that they found no third-party apps other than Uber that had this kind of “private sensitive entitlement”.
Although the entitlement isn’t intended for any malicious purpose, researchers worry that an unethical hacker who manages to break into Uber's network might also get access to these sensitive permissions. This could lead to a breach of users' critical data, as it would help a hacker get access to users’ passwords, bank account details, private messages and much more.
After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app. According to an Uber spokesperson, Uber required this permission for an older version of Apple Watch, to do the heavy lifting of rendering maps on the user’s smartphone and then send them to the Apple Watch application. The spokesperson added that the permission was not used for anything other than rendering maps.