Users are keenly aware of the threat to their desktops from hackers, but few give the same consideration to their smartphones. While the PC options for protection against malware, viruses, and other malicious software are fairly robust, with a wide range of both free and paid security programs, a quick visit to any mobile app store reveals that phone antivirus and malware protection is fairly limited.
This situation may change as community awareness of mobile malware threats continues to improve, especially after a number of high-profile attacks through seemingly innocuous apps. Thanks in large part to this growing climate of suspicion, users recently raised the alarm over a legitimate but potentially exploitable permission in the app from Uber, the popular transportation and food delivery company.
The potentially harmful permission was found only in the version of the app intended for Apple iOS devices, and involved both the iPhone and Apple's line of smart watches. The so-called “back door” included in Uber’s app gave the program unprecedented access to the operating system of the device on which it was installed.
Specifically, Uber’s app had the ability to read the screen buffer, the segment of the device’s memory used by applications to hold the data that will be displayed on-screen. With this permission, the app could easily view and possibly record the information, be it photos, text, or anything else displayed on the screen. This permission is typically reserved for applications produced directly by Apple, with Uber being the only known third-party app granted this unique permission.
While this is not a problem on its own, should the app be hijacked by malicious parties, they could use this permission to access users’ personal data easily. Malicious apps are a growing trend, with two cases involving the Android app store and at least 50 harmful apps taking place this year alone. To be fair, unlike in those cases, Uber did not attempt to fly the feature under the radar; rather, the permission was approved by Apple before Uber’s app was made available via the mobile shop.
According to Uber, the feature was specifically designed for an Apple Watch application that would enable maps to be rendered on the iPhone’s background. Despite its good intentions, the transportation software giant announced that future iterations of the app will not include the potentially exploitable permission, and updates have already removed it from the current version. Apple’s response to the situation is as yet unclear.