While this sounds like a security and privacy nightmare, the entitlement doesn’t work like a screen-recording app, according to an app researcher speaking to Gizmodo, and will be removed from the app soon. What it does is visualize colors and pixels on the screen, not precise details. However, the concern is this data could be decoded and interpreted to reveal sensitive personal information, user habits, or, should Uber’s app be hacked by criminals, passwords and other login information.
What makes this unusual is that Uber is the only third-party app developer using it. Other entitlements are commonly used by app developers, as they provide access to key phone features, such as the camera and Apple Pay. They operate in a similar way to permissions on Android. The entitlement used by Uber here is considered reserved for Apple’s use only, due to its privacy and security concerns. Using entitlements without Apple’s approval would normally result in the developer being banned from the App Store.
The entitlement was used by Uber to assist the Apple Watch Series One render maps correctly. Apple partnered with Uber to show how the app would operate on the Apple Watch during its March 2015 event. Apparently, developers had four months to prepare Apple Watch apps before the launch, which may explain why Apple granted Uber use of the entitlement at the time, to ensure it was stage-ready on the day.
Uber says the entitlement has not been used since then, and it has never tracked any unauthorized access or use of it. However, Uber’s reputation regarding privacy has been tarnished before, and although it says it will remove the entitlement, it’s unclear why it hasn’t done so before now, given the potential for abuse.
