BuzzFeed News Reporter

Tech

After dealing with past controversies in which it followed passengers through a "God View" and tracked users who deleted its app from their phone, Uber now has another surveillance mishap on its hands, though the company says this one was unintentional.

[SUBBUZZ 118714369]After dealing with past controversies in which it followed passengers through a <a href="https://www.buzzfeed.com/johanabhuiyan/uber-is-investigating-its-top-new-york-executive-for-privacy?utm_term=.plEnJJOAR#.kw2d11y5Y">"God View"</a> and tracked users who deleted its app from their phone, Uber had to deal with another potential surveillance mishap, though the company said it was unintentional.Earlier this week, security researchers determined that Uber's ride-hailing iOS app had code which could have allowed the company to record a user's iPhone screen. Apple had given that code, called an "entitlement," to Uber to improve the functionality between the app and the Apple Watch, according to an Uber spokesperson on Thursday."You should know this API isn't connected to anything in our current codebase, meaning it's non-functional and there's no existing feature using it," said the spokesperson in an emailed statement. "We are working with Apple to remove it completely ASAP."On Friday, Uber published an update to the Apple App Store, fixing the issues, a spokesperson confirmed.A spokesperson for Apple declined to comment.A source familiar with the situation said that Uber was having memory management issues with the early version of the Apple Watch, leading Apple to grant an exception to add the code in question. That exception was never rescinded, and its existence hypothetically allowed Uber, or a nefarious actor with access to Uber's network, to monitor an iPhone user's screen."It has remained in the Uber binary for the past 2 years so far - it is odd how they are only (hopefully) removing now that it has been mentioned publicly," said Will Strafach, one of the researchers who discovered the code, in a message to BuzzFeed News.In 2014, an Uber executive in New York was investigated for tracking a BuzzFeed News reporter with a "God View" without her permission. That executive later left the company. And earlier this year, <a href="https://www.nytimes.com/2017/04/23/technology/travis-kalanick-pushes-uber-and-himself-to-the-precipice.html">the New York Times</a> reported that Apple CEO Tim Cook met with then-Uber CEO Travis Kalanick in 2015 to discuss how, in attempt to fight fraud, the ride-hailing company was tagging iPhones that had deleted the app, a violation of Apple's rules.[SUBBUZZ 118714695][SUBBUZZ 118720100]

Uber Removes Code That Could Have Let It Surveil iPhone Users

[INSERT 1]After dealing with past controversies in which it followed passengers through a <a href="https://www.buzzfeed.com/johanabhuiyan/uber-is-investigating-its-top-new-york-executive-for-privacy?utm_term=.plEnJJOAR#.kw2d11y5Y">"God View"</a> and tracked users who deleted its app from their phone, Uber had to deal with another potential surveillance mishap, though the company said it was unintentional.Earlier this week, security researchers determined that Uber's ride-hailing iOS app had code which could have allowed the company to record a user's iPhone screen. Apple had given that code, called an "entitlement," to Uber to improve the functionality between the app and the Apple Watch, according to an Uber spokesperson on Thursday."You should know this API isn't connected to anything in our current codebase, meaning it's non-functional and there's no existing feature using it," said the spokesperson in an emailed statement. "We are working with Apple to remove it completely ASAP."On Friday, Uber published an update to the Apple App Store, fixing the issues, a spokesperson confirmed.A spokesperson for Apple declined to comment.A source familiar with the situation said that Uber was having memory management issues with the early version of the Apple Watch, leading Apple to grant an exception to add the code in question. That exception was never rescinded, and its existence hypothetically allowed Uber, or a nefarious actor with access to Uber's network, to monitor an iPhone user's screen."It has remained in the Uber binary for the past 2 years so far - it is odd how they are only (hopefully) removing now that it has been mentioned publicly," said Will Strafach, one of the researchers who discovered the code, in a message to BuzzFeed News.In 2014, an Uber executive in New York was investigated for tracking a BuzzFeed News reporter with a "God View" without her permission. That executive later left the company. And earlier this year, <a href="https://www.nytimes.com/2017/04/23/technology/travis-kalanick-pushes-uber-and-himself-to-the-precipice.html" target="_blank">the New York Times</a> reported that Apple CEO Tim Cook met with then-Uber CEO Travis Kalanick in 2015 to discuss how, in attempt to fight fraud, the ride-hailing company was tagging iPhones that had deleted the app, a violation of Apple's rules.[INSERT 2][INSERT 4]

This story was updated with a comment from security researcher Will Strafach.

This story was updated with details about Uber's improvements to its app on Friday, which removed a potential security hole.

About BuzzFeed Community

Community Brand Guidelines

BuzzFeed Community

Sorry, this content is no longer supported.

BuzzFeed Community Guidelines

BuzzFeed Community Leaderboard

BuzzFeed News has breaking stories and original reporting on politics, world news, social media, viral trends, health, science, technology, entertainment, and LGBTQ issues.

All the best animals on the internet. The snuggle is real.

BuzzFeed has breaking news, vital journalism, quizzes, videos, celeb news, Tasty food videos, recipes, DIY hacks, and all the trending buzz you’ll want to share with your friends. Copyright BuzzFeed, Inc. All rights reserved.

BuzzFeed News | Breaking News | Original Reporting | News Analysis

Animal Pictures and Videos - Adorably from BuzzFeed

Name

Thanks for subscribing!

Stay up to date with our latest BuzzFeed video. Enter your email to subscribe!

Oops! Upload an image or add text to submit.

BuzzFeed has the hottest, most social content on the web. We feature breaking buzz and the kinds of things you'd want to pass along to your friends.

Uber Removes Code That Could Have Let It Surveil iPhone Users

UPDATE

UPDATE