Uber has a history of ethical lapses and of pushing or breaking legal boundaries. When the FTC issued a complaint against the company for violating data privacy standards by tracking users who had removed the app from their phones, it was troubling. When it was revealed that Uber was using an illegal program to cause issues for city officials who opposed Uber operating in their city, it was deeply concerning. Now it turns out that Uber has access to your phone screen, as long as you’re using an iPhone. Apple granted the Uber app exclusive access to iPhones, using the Apple-only entitlement “com.apple.private.allow-explicit-graphics-priority.”
Entitlements are similar to the permissions that Android phones ask their users for whenever an app is installed, such as access to your contacts or photos. The entitlement that Uber has allows it to put things on your screen, usually images or maps. Uber claims that this level of access was necessary because early versions of the Apple Watch struggled with rendering the maps Uber uses. This permission allowed the phone to do the heavy lifting and display the map on the watch. Uber has also stated that, since newer versions of the Apple Watch have been released, it no longer needs this entitlement, but it hasn’t been removed from the app as of the writing of this post. The problem with this entitlement is that it works in reverse: the Uber app can see and record what your phone screen is displaying. It can do so without notifying you first because you agreed to the permissions it needed when you installed the Uber app.
There may be legitimate reasons for Apple to grant this level of access to Uber; the ride-sharing company may really have needed that entitlement to get its app to run on Apple Watches. It’s hard to trust Uber, though, a company that inhabits a legal and ethical quagmire. It geo-fenced Apple’s headquarters to keep Apple from noticing its ads and user-tracking activities. Apple gave Uber a pass then, in a meeting between Apple’s Timothy Cook and Uber’s Travis Kalanick, where Mr. Kalanick agreed to Mr. Cook’s request to “stop the trickery.” Uber also used Greyball, a custom-designed program to track and quarantine public officials in cities opposed to Uber.
When Uber provides its services in cities where it is not allowed to operate, Greyball finds investigators and other law enforcement officers whose job it is to track things like this down. When those officials try to get a ride, in the hopes of setting up a sting, the app sends them ghost cars that quickly cancel the ride. With a map populated by false cars designed to throw investigators off the scent, Uber provides service in cities where it isn’t supposed to operate. An important thing to note is that the Greyball program was approved by Uber’s legal team. Uber has also come under fire for its workplace environment, with a multitude of harassment claims, from verbal and physical to sexual. Mr. Kalanick’s sulfurous argument with an Uber driver was leaked by the driver, adding more fuel to the fire. The problem with Apple giving Uber this sort of access is that Uber has a long track record of doing whatever it deems necessary for success, and that’s not always a good thing.
Max is a Legal Assistant and author residing in the Philadelphia area. He has been writing for AskCyberSecurity.com since early 2017.