Black Friday Sale! 50% Off All Access

Apple Gave Uber's App 'Unprecedented' Access to a Secret Backdoor That Can Record iPhone Screens However, there is no evidence that Uber used this access to take advantage of the iPhone features.

By Kif Leswing

This story originally appeared on Business Insider

Reuters/Lucas Jackson via BI
Apple CEO Tim Cook and former Uber CEO Travis Kalanich are friendly.

Uber's iPhone app has a secret backdoor to powerful Apple features, allowing the ride-hailing service to potentially record a user's screen and access other personal information without their knowledge.

The existence of Uber's access to special iPhone functions is not disclosed in any consumer-facing information included with Uber's app, despite giving the company direct access to features so powerful that Apple almost always keeps them off limits to outside companies.

Although there is no evidence that Uber used this access to take advantage of the iPhone features, the revelation of the app's access to privileged Apple code raises important questions for a company already under investigation for a variety of controversial business practices.

Uber told Business Insider the code was not currently being used and was essentially a vestige from an earlier version of its Apple Watch app, but it set off alarm bells among experts.

"Granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell, no other app developers have been able to convince Apple to grant them entitlements they've needed to let their apps utilize certain privileged system functionality," Will Strafach, a security researcher who discovered the situation, told Business Insider.

Here's how it works

Nearly every iPhone app uses what is called an "entitlement" -- basically a way for software to enable features like the camera or Apple Pay on iPhones and iPads. Most of these can be easily found and officially turned on by outside app developers.

But there are certain entitlements that are only used by Apple, giving the company's own software tight integration with the iPhone. These bits are marked with names that start with "com.apple.private," and they are considered so sensitive that any third-party app found using them is rejected from the App Store.

After digging around in the code for Uber's app, Strafach discovered that it uses an entitlement called "com.apple.private.allow-explicit-graphics-priority."

"It is very odd to see Uber as the only app (I checked tens of thousands of other apps using my company's internal dataset derived from the App Store) besides Apple's own apps granted access to this sensitive entitlement," Strafach said in an email. Another person said that no other of the 200 top free apps use private Apple entitlements.

Uber says Apple gave it permission to use the private entitlement, which it used for an earlier version of its Apple Watch app to render maps on the iPhone. The entitlement is not currently being used, Uber says.

"Apple gave us this permission because early versions of Apple Watch were unable to adequately handle the level of map rendering in the Uber app," Uber representative Melanie Ensign told Business Insider. "Subsequent updates to Apple Watch and our app removed this dependency and we're working with Apple to remove the API completely."

Lot of other iOS developers would like special access to private Apple entitlements for both legitimate and illegitimate purposes.

The one Uber was using, for example, could be used to record a user's screen, Thomas Jansen, founder of security research company Crissy Field said. "Imagine any app would be able to use an entitlement like that and just record your screen without you knowing," he said. That's why Apple doesn't allow just any company to use private entitlements.

Apple didn't comment. But one reason why Apple may have let Uber use this sensitive piece of code -- which likely would have needed to have been approved by senior management -- is because the Uber app was demonstrated on-stage when it launched the Apple Watch in 2015 and Uber was a launch app for the Apple Watch.

Hard to trust

Uber has been caught violating the rules of the App Store and has a history of pushing boundaries when it comes to building software that may break legal or ethical boundaries.

After using internal Apple abilities to tag and track individual iPhone devices, even after they were wiped, former Uber CEO Travis Kalanick was summoned to Apple's headquarters. There, he was scolded by Apple CEO Tim Cook, who in a private meeting with Kalanick threatened to pull the Uber app from the App Store, the New York Times reported.

The meeting between the two CEOs reportedly took place in early 2015, around the same time Apple launched the Apple Watch.

"I guess there is some kind of extremely special relationship there, considering Apple granted them exclusive access to a privileged IOKit API a little while after they were abusing other unrelated IOKit APIs in violation of the App Store rules (with no repercussions at all)," Strafach surmised.

The deception apparently didn't scare Apple: Texts published as part of a lawsuit revealed that Kalanick privately said he continued to meet with Cook, with one meeting supposedly taking place in May 2016, as well.

Apple became an Uber investor through its investment in Chinese ride-hailing company Didi Chuxing. In 2016, Didi merged with Uber's Chinese subsidiary.

Kalanick is no longer the CEO of Uber. Uber's current CEO, Dara Khosrowshahi, has not yet said anything publicly about the $69 billion startup's relationship with Apple, but has addressed the company's rule-bending culture. A recent change to iOS, the iPhone software, prevented Uber from collecting rider location in the background without a visual signal.

Kif Leswing

Contributing Writer

Kif Leswing has been a contributing writer for Fortune since 2015.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business Solutions

The Tools Every Entrepreneur Needs and No Subscriptions Required for Cyber Monday

Lifetime access to Microsoft Office 2019, tailored for entrepreneurs on Mac or Windows.

Marketing

7 Innovative Marketing Ideas That Will Help Your Brand Stand Out This Holiday Season

These seven creative holiday marketing strategies can help your business stand out from competitors, connect with audiences and make a real impact.

Growing a Business

5 Reasons Why 2025 Will Be Your Most Amazing Year Yet as an Entrepreneur

2025 is set to be a pivotal year for entrepreneurs, driven by a combination of favorable economic, political and market conditions.

Leadership

How Personality Types Can Help You Identify Employee Strengths and Boost Team Performance

Here's how leaders can unlock their team's potential by understanding and leveraging personality types to align individual strengths with roles that foster productivity, collaboration and engagement.

Franchise

The Top 10 Burger Franchises in 2024

Taste the sizzle success with the best burger franchises, according to the 2024 Franchise 500 Ranking.