Skip to main content

UBER IOS APP CAN VIRTUALLY ‘SEE’ YOUR PHONE SCREEN, AND APPLE APPROVED IT


WHY IT MATTERS TO YOUPermissions inside the Uber app sound like a privacy nightmare, but have never been abused, and will soon be removed.
To better prepare its Apple Watch app, Uber used technology enabling it to view and record what was happening on an iPhone's screen, even when the Uber app was only running in the background. The permission to do this was granted by Apple, and although Uber claims not to use the system anymore, it remains part of the app. The news comes from Sudo Security Group, which unearthed the capability — called an Entitlement — in the Uber app.
While this sounds like a security and privacy nightmare, the entitlement doesn't work like a screen-recording app, according to an app researcher speaking to Gizmodo, and will be removed from the app soon. What it does is visualize colors and pixels on the screen, not precise details. However, the concern is this data could be decoded and interpreted to reveal sensitive personal information, user habits, or, should Uber's app be hacked by criminals, passwords and other login information.
What makes this unusual is that Uber is the only third-party app developer using it. Other entitlements are commonly used by app developers, as they provide access to key phone features, such as the camera and Apple Pay. They operate in a similar way to permissions on Android. The entitlement used by Uber here is considered reserved for Apple's use only, due to its privacy and security concerns. Using entitlements without Apple's approval would normally result in the developer being banned from the App Store.
The entitlement was used by Uber to assist the Apple Watch Series One render maps correctly. Apple partnered with Uber to show how the app would operate on the Apple Watch during its March 2015 event. Apparently, developers had four months to prepare Apple Watch apps before the launch, which may explain why Apple granted Uber use of the entitlement at the time, to ensure it was stage-ready on the day.
Uber says the entitlement has not been used since then, and it has never tracked any unauthorized access or use of it. However, Uber's reputation regarding privacy has been tarnished before, and although it says it will remove the entitlement, it's unclear why it hasn't done so before now, given the potential for abuse.

Source:here

via Blogger http://ift.tt/2xX6okH

Comments

Post a Comment

Popular posts from this blog

Xiaomi Mi A1 XDA Review: Android One and Xiaomi Hardware Result in a Delightful & Affordable Stock Experience

The Xiaomi Mi A1 is one of Xiaomi's biggest releases of the year 2017. Despite its overall humbling package, the phone marks a few important milestones for the Chinese company as well as for the Android ecosystem. The Mi A1 is important because it is the  first Xiaomi smartphone to ship without Xiaomi's own custom UX , MIUI on top of the Android OS. It is also the first device that is  the result of a reboot of Google's Android One program  —  an initiative that saw little success in its first phase in India . The Mi A1 is also the first Xiaomi device in recent times that does not see an equivalent launch in China, becoming the first Xiaomi device to be India-exclusive at launch. But does the Mi A1 with its Android One branding provide the value experience we are used to from Xiaomi? In this review, we'll take an in-depth dive into the Xiaomi Mi A1. Rather than listing specs and talking about how the experience felt, this feature attempts to prov
Post a Comment
Read more

AOL Instant Messenger is shutting down on December 15th

It's the end of an era. AOL Instant Messenger (AIM) is officially shutting down on December 15th,  Oath announced this morning. AIM started out as the built-in chat application in America Online's desktop client, but it really took off after it was broken out as a separate application in 1997. The app, and its iconic messaging sound, were staples for anyone who spent too much time on the web in the '90s and early '00s. Really though, the writing was on the wall for AIM since  AOL laid off most of the division  in 2012. AIM also started  cutting off third-party access earlier this year, which was a big sign the service was on its way out. Oath -- the new Verizon company that includes AOL, Yahoo, and yes, Engadget -- isn't saying what, exactly, will be replacing AIM. For now, though, Yahoo Messenger seems like the best possibility. "AIM tapped into new digital technologies and ignited a cultural shift, but the way in which we communicate with each o
Post a Comment
Read more