Uber Plans To Remove Private iOS API From Its iOS Codebase
Recent reports state that Uber’s head of security communications announced the company plans to remove the private iOS API that allowed access to record users display information.
Earlier reports on this issue stated that Uber had access to using private iOS API access which was given permission by Apple, allowing Uber the use of the entitlement. The purpose of the access was to improve memory management on Apple Watch, in particular, the older versions of Apple Watch because they were unable to provide maps without the help of a paired iPhone.
But according to security researcher Will Strafach, he claims Uber took advantage of what is called an “entitlement” which basically means special permission to access private allowance to software and hardware features. These private permissions are supposedly extremely guarded, and can only be accessed by code through a sensitive user data. The issue that has caused questions is APIs are separated into public and private use, private APIs may not be used in apps in the App Store. Uber’s API was locked in a private entitlement, giving access to record a device display.
Uber has since issued a statement stating that it has removed the API from its iOS codebase, since Apple has issued updated software improvements to its OS.Lees Uber Plans To Remove Private iOS API From Its iOS Codebase