Apple allowed Uber to use a tool that could record a user's iPhone screen
According to a report in Gizmodo late on Thursday, researchers said that Apple permitted Uber's iOS app to copy phone screen to improve functionality between Uber's app and Apple Watch.
After the researchers discovered the tool, Uber said it is no longer in use and will be removed from the app.
"It looks like no other third-party developer has been able to get Apple to grant them a private sensitive entitlement of this nature," Will Strafach, a security researcher and CEO of Sudo Security Group, was quoted as saying.
The concern is that Uber — or a hacker who managed to break into Uber's network — could silently monitor activity on an iPhone user's screen, stealing passwords and other personal information.
"Entitlement" is a code that app developers can use for anything from setting up push notifications to interacting with Apple systems like iCloud or Apple Pay.
"The 'entitlement' isn't common and would require Apple's explicit permission to use," the researchers were quoted as saying.
Apple was yet to respond to this.
The "entitlement" first appeared in Uber's app when the original Apple Watch was launched in 2015.
Earlier this year, media reports said former Uber CEO Travis Kalanick tried to flout the rules laid by Apple on the App Store.
According to a report in The New York Times, Apple CEO Tim Cook convened a meeting with Kalanick in 2015 when he found that Uber was directing his employees to help camouflage the ride-hailing app from Apple's engineers.
The reason was to keep Apple from finding out that Uber had been secretly identifying and tagging iPhones even after its app was deleted and the devices erased — a fraud detection maneuver that violated Apple's privacy guidelines.
"So, I've heard you've been breaking some of our rules. Stop the trickery or Uber's app would be kicked out of Apple's App Store," Cook reportedly warned Kalanick during the meeting.