Apple Allegedly Gave Uber Backdoor Access To iOS APIs To Record iPhone Screens

Security researcher Will Strafach has discovered that Uber had been granted access to an undocumented, private app permission allowing its app to access the screen-recording feature on iPhones. To be able to access this screen capturing feature, Uber had to be granted special permission by Apple. That screen recording feature is said to be off limits to most app developers and is something known as an "entitlement".

Uber

The screen recording feature in question is taken advantage of by screen recording apps on jailbroken iPhones, allowing apps like iRec to capture screens without needing permission directly from Apple. The security researcher says that based on thousands of app binaries that he has indexed, Uber is the only third-party app that was given the screen recording entitlement.

The entitlement is called "com.apple.private.allow-explicit-graphics-priority" and when granted, the entitlement allows the developer of an app to read or write to the iPhone framebuffer. That framebuffer is part of the memory of the device with pixel and display data.

"It is very odd to see Uber as the only app (I checked tens of thousands of other apps using my company’s internal dataset derived from the App Store) besides Apple’s own apps granted access to this sensitive entitlement," said Strafach in an email to Business Insider. "I guess there is some kind of extremely special relationship there, considering Apple granted them exclusive access to a privileged IOKit API a little while after they were abusing other unrelated IOKit APIs in violation of the App Store rules (with no repercussions at all)."

The ability to read screen means that if an attacker gained code execution rights, the attacker could steal the user's credentials. Uber says that the code was given by Apple to allow Uber to improve rendering on the Apple Watch app.

"It's not connected to anything else in our current codebase and the diff [sic] to remove it is already being pushed into production," said an Uber spokesperson. "This API would allow maps to render on your phone in the background and then be sent to your Apple Watch. Subsequent updates to Apple Watch and our app removed this dependency, so we're removing the API completely."

Researchers in the past have accused Uber drivers of colluding to jack up rates in major cities. Uber also had its license to operate in London pulled recently. Perhaps the biggest black mark on the company was its former CEO Travis Kalanick, who resigned in June after months of turmoil centered on him.


Show comments blog comments powered by Disqus