News

Some Popular iOS Apps are Recording Your Screens Without Your Permission

Numerous popular iOS apps are capturing your activity in the apps without your permission. The apps record detailed data, including swipes, taps, and even full screen recordings.

The apps are from major companies, such as Abercrombie & Fitch, Air Canada, Expedia, Hollister, Hotels.com, and Singapore Airlines. The apps are using technology provided by Glassbox, a customer experience analytics firm that allows developers to replay users sessions from their apps.

TechCrunch:

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.

Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”

While user tracking like this is bad enough, some of the apps using it don’t properly mask the data that’s being recorded. The Air Canada exposes user information like credit card and passport numbers. while other apps leaked email addresses and postal codes.

“Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” mobile app expert The App Analyst told TechCrunch.

All of the apps in question have a privacy policy in place, but none informs the user that their screen activity is being recorded. Glassbox does not require special permission from either the user or Apple to record screen activity, and there is no way to know when an app is doing this.

Glassbox’s own privacy policy does not require its clients to mention the screen recording feature of that app in their privacy policies.

An Air Canada spokesperson responded to an enquiry by TechCrunch:

“Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips,” said a spokesperson.” This includes user information entered in, and collected on, the Air Canada mobile app. However, Air Canada does not—and cannot—capture phone screens outside of the Air Canada app.”

Other analytics companies offer services similar to those provided by Glassbox, and a large number of companies make use of their technology. The activity tracking isn’t limited to iOS apps, as it can also be used on websites.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.