Thu. Mar 28th, 2024
iPhone privacy advertisement

A few of the popular iOS apps are reported to record every action users make while they are on the app. These apps have been found to literally record user’s iPhone screen, without asking for user permission or informing them about it. According to TechCrunch, several popular iOS apps use Glassbox, which is an analytics company, in order to deploy session replaying into their apps. The technology is able to record any action a user takes on those apps, including sensitive information like credit card numbers and passwords. None of these apps need user permission to record users’ screens.

Apps such as Air Canda and Expedia were found recording user actions via Glassbox analytics. TechCrunch found several apps hotels, travel websites, airlines, banks, and others that did not clarify if they were collecting such data and how they were going to use that data.

With the session replay technology, app developers have the power to record every single tap a user makes on the app including keyboard entry and button push. The data is captured only when the user is in the app.

Apps like Singapore Airlines and Hotels.com also use Glassbox’s session replay technology in their apps. This technology helps developers to record user’s screen and replay it to see how the user interacted with the app. Although on the surface, it seems like a useful feature for app developers, not all the apps were seen masking user’s data, exposing sensitive financial information.

After a user’s session with the app is recorded, it is sent back to the app developer. In case of Air Canada’s iOS app, The App Analyst–a mobile expert cited by TechCrunch- found that the company was clearly exposing the passport numbers and credit card information in each session replay being sent back.

Earlier, Air Canada had also reported a breach in their data on their mobile app which affected 20,000 users. The breach leaked passport numbers and other sensitive data.

TechCrunch further noted that none of the apps included in recording user’s screen disclosed it to the users, even if it was done out of analytical purposes.

The apps that are submitted to the iOS App Store carry a privacy policy, nevertheless, TechCrunch TechCrunch didn’t find any of the apps the company reviewed mentioning screen recording in their policies. That means there is no way for users to know if their screen was being recorded.

App developers use tools from a number of analytical companies other than Glassbox that offer session replaying. While these session recordings are sued chiefly to improve the apps, it is also important for users to stay aware of how much of their data is escaping their devices.

Leave a Reply

Your email address will not be published. Required fields are marked *