Some popular iOS apps recorded users’ screens for analytics

The home screen on the iPhone XS

These apps have been found to literally record your iPhone screen, without asking for your permission or notifying you about it.

A company called Glassbox is one of a few companies that offer app and website developers technology that allows them to record the screen and watch how users navigated their app.

A Glassbox spokesperson pointed out to TechCrunch that it "cannot break the boundary of the app", but it did say it has a "unique capability to reconstruct the mobile application view in a visual format", which it calls "another view of analytics".

Air Canada, among other apps, doesn't erase personal information, meaning passport data and credit card information is available for review. When you're using an app like Air Canada, Hollister, or Expedia, that app can monitor everything you tap and swipe in the app itself.

Masking sensitive data sometimes failed in Air Canada session replays.

Recently, the source said that they have found Air Canda's iPhone app was recording screen without properly masking the confidential data. In the case of Air Canada's app, there was an instance in which the app sent the customer's credit card information completely unencrypted. Who then proceeded to embed its own data and display recording technology into the respective mobile apps. After testing some of the above apps mentioned, the report hints that every app wasn't leaking this masked data, which is a relief for now. So, not too bad.

Another problem: the recordings reveal sensitive data. As with the previous case of Facebook and Google, Glassbox and other similar services also work on Android. But, let's be honest: Even if apps warned you in their privacy policies, would you even notice?

While apps that are submitted to Apple's App Store are required to have a privacy policy, Glassbox themselves doesn't require any special permission from App or the User to record their screens. So really, there's no way to know.

TechCrunch claims many iPhone apps "secretly record your screen". Neither did Singapore Airlines. But there was no clarity on where in Abercrombie and Hollister's privacy policies it is mentioned of screen recording.

In response to the findings, Abercrombie confirmed that Glassbox "helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience".

They made no comments on session replays.

The session replay technology enables app developers to record users' every single tap, keyboard entry, button push, etc.

From a user experience perspective, this makes sense. Apple has asserted that those who do not comply with this new directive will see their apps removed from the Store on iOS.

Such data collection isn't necessarily unusual providing the user has consented to it and the company collecting it puts in the effort to anonymise or obfuscate sensitive data that might be collected in the process.

What does SIA do with your data?

"Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips", said a spokesperson". The idea of these session recording services is to capture how people use certain apps.

Related:

Comments

Latest news

Eden Hazard expects to do 'something great' with Gonzalo Higuain
The 60-year-old Italian has lavished praise on Hazard, declaring him Europe's best player on Friday, but does not feel a player who captains his country is a leader .

Trump orders flags at half-staff to honor John Dingell
Throughout his lifetime of public service, John was a fierce advocate for the people of MI and was guided by a love of country. Michigan Democratic Party chair Lavora Barnes' statement to the media read, in part, " John Dingell was The Dean and more.

William Barr, Attorney General Nominee, Gets Nod From Key Senate Committee
Barr has said he will be as transparent as possible under Justice Department regulations and will make as much public as he can. Many Democrat lawmakers on Capitol Hill are anxious about whether Barr would recuse himself from the Russian Federation probe.

NYPD to Google: Stop letting Waze users publicize our DWI traps
Before cellphones and traffic apps, the practice of flashing headlights to warn other drivers about "speed traps" was popular. By design, Waze is not directly at fault, as the application does not have a feature that specifically calls out checkpoints.

Google’s Top Tips for Keeping You and Your Family Safer Online
A pop-up alert will appear alerting users if their details are no longer safe and will suggest they change their password . Google's own research published today shows that many people still reuse passwords.

Other news