The Uber app for iOS has been given a unique privilege on the operating system which allows the app to spy on the iPhone’s screen, a researcher has discovered. ZDNet reports that the Uber app can read the screen buffer in iOS, allowing it to view and potentially record anything on your iPhone’s screen without your knowledge.
Uber isn’t doing this illicitly: Apple granted the app the permission. According to researchers, it’s the only third-party app out there that has the ability to read the screen buffer.
Uber told ZDNet that the ability was only intended for a very specific Apple Watch application, in which maps could render in the background on your iPhone, and then be pushed to your Apple Watch. Future versions of the Uber app will remove the code, a spokesperson said. “It’s not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production,” the spokesperson told ZDNet. “Subsequent updates to Apple Watch and our app removed this dependency, so we’re removing the API completely.”
There are two issues at stake here. Uber having the ability to secretly record your device’s screen is scary in its own right, given its history of tracking user data and locations. But the scarier problem is the potential for Uber’s permissions to be used by hackers. If someone could compromise the Uber app through a security flaw, they’d be able to use the app’s screen recording privilege to spy on any number of things on your device, including two-factor auth texts and passwords.