After dealing with past controversies in which it followed passengers through a "God View" and tracked users who deleted its app from their phone, Uber had to deal with another potential surveillance mishap, though the company said it was unintentional.
Earlier this week, security researchers determined that Uber's ride-hailing iOS app had code which could have allowed the company to record a user's iPhone screen. Apple had given that code, called an "entitlement," to Uber to improve the functionality between the app and the Apple Watch, according to an Uber spokesperson on Thursday.
"You should know this API isn't connected to anything in our current codebase, meaning it's non-functional and there's no existing feature using it," said the spokesperson in an emailed statement. "We are working with Apple to remove it completely ASAP."
On Friday, Uber published an update to the Apple App Store, fixing the issues, a spokesperson confirmed.
A spokesperson for Apple declined to comment.
A source familiar with the situation said that Uber was having memory management issues with the early version of the Apple Watch, leading Apple to grant an exception to add the code in question. That exception was never rescinded, and its existence hypothetically allowed Uber, or a nefarious actor with access to Uber's network, to monitor an iPhone user's screen.
"It has remained in the Uber binary for the past 2 years so far - it is odd how they are only (hopefully) removing now that it has been mentioned publicly," said Will Strafach, one of the researchers who discovered the code, in a message to BuzzFeed News.
In 2014, an Uber executive in New York was investigated for tracking a BuzzFeed News reporter with a "God View" without her permission. That executive later left the company. And earlier this year, the New York Times reported that Apple CEO Tim Cook met with then-Uber CEO Travis Kalanick in 2015 to discuss how, in attempt to fight fraud, the ride-hailing company was tagging iPhones that had deleted the app, a violation of Apple's rules.
This story was updated with a comment from security researcher Will Strafach.
This story was updated with details about Uber's improvements to its app on Friday, which removed a potential security hole.