Stop us if you’ve heard this one: Uber is a shady company.
The ride-hailing giant’s iOS app has the ability to record a user’s iPhone screen, Gizmodo reported Thursday. An Uber spokesperson told Mashable that the company is working with Apple to remove the feature from the app ASAP. Uber used it only to render maps, not to actually copy your screen, the rep said, adding it hasn’t been used for “quite some time.”
If the ability on its own wasn’t frustrating enough, it appears the sketchy feature is only being removed after security researchers pointed it out earlier this week.
The functionality is an exclusive permission from Apple and was granted to Uber to help them launch their Apple Watch app. Uber was one of the stars of Apple’s keynote on the Apple Watch in March 2015.
While the code may have helped Uber push out an app to hail a car from an Apple Watch, it also could have been used to steal people’s passwords and other personal information.
“Essentially it gives you full control over the framebuffer, which contains the colors of each pixel of your screen. So they can potentially draw or record the screen,” Luca Todesco, a researcher and iPhone jailbreaker, told Gizmodo. “It can potentially steal passwords etc.”
So, yes, Apple granted a permission to Uber that left users’ privacy in danger. While Uber only needed it to complete a project prior to March 2015, it remained on Uber’s iOS app for more than two years.
Now, do we blame Apple for not taking the permission away? Do we blame Uber for not being forthcoming? Perhaps both. We definitely thank the security researchers.
It appears that back in 2015 Apple viewed Uber as a “trusted developer” that deserved the special permissions. Now, there’s a black mark — well, several black marks — on Uber’s name.
Not only did it create a toxic workplace culture outed by former engineer Susan Fowler earlier this year, the company also misused software. Uber had software nicknamed “Hell” that allowed it to track Lyft drivers. Uber also had an internal tool called “Greyball” that let it identify who was a government employee using the app.
Apple declined to comment.