
Apple Gave Uber's App 'Unprecedented' Access to a Secret Backdoor That Can Record iPhone Screens

However, there is no evidence that Uber used this access to take advantage of the iPhone features.

By Kif Leswing


This story originally appeared on Business Insider

Reuters/Lucas Jackson via BI
Apple CEO Tim Cook and former Uber CEO Travis Kalanick are friendly.

Uber's iPhone app has a secret backdoor to powerful Apple features, allowing the ride-hailing service to potentially record a user's screen and access other personal information without their knowledge.

The existence of Uber's access to special iPhone functions is not disclosed in any consumer-facing information included with Uber's app, despite giving the company direct access to features so powerful that Apple almost always keeps them off limits to outside companies.

Although there is no evidence that Uber used this access to take advantage of the iPhone features, the revelation of the app's access to privileged Apple code raises important questions for a company already under investigation for a variety of controversial business practices.

Uber told Business Insider the code was not currently being used and was essentially a vestige from an earlier version of its Apple Watch app, but it set off alarm bells among experts.

"Granting such a sensitive entitlement to a third-party is unprecedented as far as I can tell, no other app developers have been able to convince Apple to grant them entitlements they've needed to let their apps utilize certain privileged system functionality," Will Strafach, a security researcher who discovered the situation, told Business Insider.

Here's how it works

Nearly every iPhone app uses what is called an "entitlement" -- basically a way for software to enable features like the camera or Apple Pay on iPhones and iPads. Most of these can be easily found and officially turned on by outside app developers.

But there are certain entitlements that are only used by Apple, giving the company's own software tight integration with the iPhone. These bits are marked with names that start with "com.apple.private," and they are considered so sensitive that any third-party app found using them is rejected from the App Store.

After digging around in the code for Uber's app, Strafach discovered that it uses an entitlement called "com.apple.private.allow-explicit-graphics-priority."

"It is very odd to see Uber as the only app (I checked tens of thousands of other apps using my company's internal dataset derived from the App Store) besides Apple's own apps granted access to this sensitive entitlement," Strafach said in an email. Another person said that no other of the 200 top free apps use private Apple entitlements.
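The kind of check described above, looking across many apps for entitlement names that start with "com.apple.private," can be sketched in a few lines. This is an added example, not Strafach's tooling or code from the original story; it assumes each app's entitlements plist has already been extracted from its code signature, and the app names and sample plists are constructed for illustration.

```python
import plistlib

# Prefix the article gives for Apple-only entitlements.
PRIVATE_PREFIX = "com.apple.private."

# Constructed sample entitlement plists (hypothetical apps, not real data).
# One XML plist, one binary plist, and one corrupt blob.
SAMPLE_APPS = {
    "ExampleRideApp": plistlib.dumps({
        "application-identifier": "TEAMID0000.com.example.ride",
        "aps-environment": "production",
        "com.apple.developer.in-app-payments": ["merchant.com.example.ride"],
        "com.apple.private.allow-explicit-graphics-priority": True,
    }),
    "ExampleNotesApp": plistlib.dumps({
        "application-identifier": "TEAMID0000.com.example.notes",
        "keychain-access-groups": ["TEAMID0000.com.example.notes"],
    }, fmt=plistlib.FMT_BINARY),
    "BrokenApp": b"\x00\x01 not a plist",
}


def private_entitlements(plist_bytes):
    """Return the sorted private entitlement keys found in one plist."""
    try:
        entitlements = plistlib.loads(plist_bytes)  # handles XML and binary
    except Exception as exc:  # malformed or truncated plist
        raise ValueError("unparseable entitlements plist") from exc
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist is not a dictionary")
    return sorted(k for k in entitlements if k.startswith(PRIVATE_PREFIX))


def audit(apps):
    """Map app name -> private keys; None marks a plist needing manual review."""
    findings = {}
    for name, blob in apps.items():
        try:
            keys = private_entitlements(blob)
        except ValueError:
            findings[name] = None  # do not silently treat as clean
            continue
        if keys:
            findings[name] = keys
    return findings


if __name__ == "__main__":
    for app, keys in audit(SAMPLE_APPS).items():
        print(app, "->", keys if keys is not None else "UNPARSEABLE")
```

Apps whose plist cannot be parsed are reported rather than skipped, since an unreadable signature is itself worth a closer look.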

Uber says Apple gave it permission to use the private entitlement, which it used for an earlier version of its Apple Watch app to render maps on the iPhone. The entitlement is not currently being used, Uber says.

"Apple gave us this permission because early versions of Apple Watch were unable to adequately handle the level of map rendering in the Uber app," Uber representative Melanie Ensign told Business Insider. "Subsequent updates to Apple Watch and our app removed this dependency and we're working with Apple to remove the API completely."

Lots of other iOS developers would like special access to private Apple entitlements for both legitimate and illegitimate purposes.

The one Uber was using, for example, could be used to record a user's screen, Thomas Jansen, founder of security research company Crissy Field, said. "Imagine any app would be able to use an entitlement like that and just record your screen without you knowing," he said. That's why Apple doesn't allow just any company to use private entitlements.

Apple didn't comment. But one reason why Apple may have let Uber use this sensitive piece of code -- which likely would have needed to have been approved by senior management -- is because the Uber app was demonstrated on-stage when it launched the Apple Watch in 2015 and Uber was a launch app for the Apple Watch.

Hard to trust

Uber has been caught violating the rules of the App Store and has a history of pushing boundaries when it comes to building software that may break legal or ethical boundaries.

After using internal Apple abilities to tag and track individual iPhone devices, even after they were wiped, former Uber CEO Travis Kalanick was summoned to Apple's headquarters. There, he was scolded by Apple CEO Tim Cook, who in a private meeting with Kalanick threatened to pull the Uber app from the App Store, the New York Times reported.

The meeting between the two CEOs reportedly took place in early 2015, around the same time Apple launched the Apple Watch.

"I guess there is some kind of extremely special relationship there, considering Apple granted them exclusive access to a privileged IOKit API a little while after they were abusing other unrelated IOKit APIs in violation of the App Store rules (with no repercussions at all)," Strafach surmised.

The deception apparently didn't scare Apple: Texts published as part of a lawsuit revealed that Kalanick privately said he continued to meet with Cook, with one meeting supposedly taking place in May 2016, as well.

Apple became an Uber investor through its investment in Chinese ride-hailing company Didi Chuxing. In 2016, Didi merged with Uber's Chinese subsidiary.

Kalanick is no longer the CEO of Uber. Uber's current CEO, Dara Khosrowshahi, has not yet said anything publicly about the $69 billion startup's relationship with Apple, but has addressed the company's rule-bending culture. A recent change to iOS, the iPhone software, prevented Uber from collecting rider location in the background without a visual signal.

Kif Leswing

Contributing Writer

Kif Leswing has been a contributing writer for Fortune since 2015.
