Privilege escalation to allow non activated users to login and use uber partner ios app

Hi It is possible for non activated users to login to partner app and use its full features! Steps: 1- download uber partner iOS app 2- intercept the login request with burp suite and change “allowNotActivated":false to "allowNotActivated":true 3- Login failed because the server responded with isActivated":false 4- Go to burp suite Match and replace from proxy options tab 5- add a match/replace rule ( Type: Response body, Match: false, Replace: true ) 6- repeat login process once again and intercept the login request and change allowNotActivated”:false to allowNotActivated”:true 7- you are logged in successfully :)