Uber Says It Will Remove Code That Could Have Let It Surveil iPhone Users ASAP

by Ryan Mac on October 5, 2017

Daniel Leal-olivas / AFP / Getty Images

After dealing with past controversies in which it followed passengers through a “God View” and tracked users who deleted its app from their phone, Uber now has another surveillance mishap on its hands, though the company says this one was unintentional.

Earlier this week, security researchers determined that Uber's ride-hailing iOS app had code which could have allowed the company to record a user's iPhone screen. Apple had given that code, called an “entitlement,” to Uber to improve the functionality between the app and the Apple Watch, according to an Uber spokesperson on Thursday.

“You should know this API isn't connected to anything in our current codebase, meaning it's non-functional and there's no existing feature using it,” said the spokesperson in an emailed statement. “We are working with Apple to remove it completely ASAP.”

A spokesperson for Apple declined to comment.

A source familiar with the situation said that Uber was having memory management issues with the early version of the Apple Watch, leading Apple to grant an exception to add the code in question. That exception was never rescinded, and its existence hypothetically allowed Uber, or a nefarious actor with access to Uber's network, to monitor an iPhone user's screen.

“It has remained in the Uber binary for the past 2 years so far – it is odd how they are only (hopefully) removing now that it has been mentioned publicly,” said Will Strafach, one of the researchers who discovered the code, in a message to BuzzFeed News.

As of Thursday at 4 p.m. in San Francisco, an update to Uber's app was not available in Apple's app store.

In 2014, an Uber executive in New York was investigated for tracking a BuzzFeed News reporter with a “God View” without her permission. That executive later left the company. And earlier this year, the New York Times reported that Apple CEO Tim Cook met with then-Uber CEO Travis Kalanick in 2015 to discuss how, in an attempt to fight fraud, the ride-hailing company was tagging iPhones that had deleted the app, a violation of Apple's rules.

Originally Posted By BuzzFeed - Tech
