Uber Removing Private iOS API That Allowed Them To Record Your Display by GlobalTechGist(m): 2:51pm On Oct 09, 2017
Uber’s head of security communications has today announced that the company is removing access from its iOS app that may have allowed the company to record a user’s display unknowingly. Security researchers had noticed that Uber was given access to these private APIs by Apple, an unprecedented move from the security-focused company.

Within iOS, application developers use entitlements to gain access to different APIs. For example, usage of iCloud and Apple Pay APIs requires specific entitlements within an application. The idea behind using entitlements is that iOS applications only have access to what they absolutely need. As Apple puts it, “By carefully enabling only the resource access that you need, you minimize the potential for damage if malicious code successfully exploits your app.”

This is where Uber’s iOS app raised a few eyebrows. APIs, and as a result entitlements, are separated into public and private usage. Private APIs may not be used in apps that are submitted to the App Store. Uber’s API that could technically allow them to record a device’s display was locked away behind a private entitlement.

Melanie Ensign, Security and Privacy communications at Uber, told Will Strafach on Twitter that the entitlement would be removed. According to Ensign, the API was used back when watchOS apps couldn’t handle map rendering. From a technical perspective, the APIs may have allowed Uber to capture what was seen on the iOS app’s display and then push it to the watchOS app.

Strafach asked Ensign how Uber was granted access to this entitlement in the first place. Being a private entitlement, no applications should have this access. In his own researched dataset, he discovered only Uber and Apple’s own apps had this private access. Strafach mentioned that Apple had to have granted this entitlement to Uber.

Being granted this level of access is especially interesting in light of Apple and Uber’s history. Earlier this year, it was reported that Tim Cook had threatened to pull Uber from the App Store over allegations of tracking users.

more at http://globaltechgist..co.ke/2017/10/uber-removing-private-ios-api-that.html?m=1