Several popular iPhone apps are quietly recording your screens

[midian182]

A hot potato: Apple has long positioned itself as one of the few tech companies that prioritize users’ privacy, but it appears that several popular iPhone apps don’t support that narrative. A recent investigation revealed how these programs are recording every action you perform within an app, including swipes, taps, and text input, while also putting sensitive data at risk.

TechCrunch, along with The App Analyst, found that some airline, hotel, and retail apps use embedded technology from a company called Glassbox, a customer experience analytics firm.

To show developers how customers behave in their apps, thereby allowing them to discover any issues, Glassbox uses session replays, which essentially record an iPhone screen without the owner’s consent or knowledge. This information is then sent to the devs, either directly or via Glassbox.

For some apps, including travel sites, sensitive customer information isn’t being transferred securely. This includes passwords and credit card data, both of which weren’t always properly masked when sent to Air Canada—a company that recently reported a massive data breach that exposed 20,000 profiles. The practice left the data vulnerable to man-in-the-middle interception techniques.

TechCrunch writes that none of the apps in question— Air Canada, Hollister, Expedia, Abercrombie & Fitch, Hotels.com, and Singapore Airlines—inform users explicitly about the data-gathering process, nor do they request permission or explain it in their privacy policies. Glassbox, on the other hand, is more open about what it does. "Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is Glassbox," states its Twitter bio. The company even mentions the Air Canada deal.

Glassbox Digital Signs New Contract with Air Canada! #cx #digitaltransformation #airlines #digital #customerjourneys #customerjourneymapping https://t.co/gUzCTUm3O9

— Audelia Boker (@BokerAudelia) 30 January 2019

This sort of data gathering has been going on for a while now, and Glassbox isn’t the only company to offer such a service. Most developers say it’s the best way to improve their products, but not clearly stating that the process takes place will doubtlessly concern users.

Permalink to story.

https://www.techspot.com/news/78635-several-popular-iphone-apps-quietly-record-screens.html

 

[btfsttg]

I have been told hundreds of times only Android apps do this, that the Apple App Store filters all malicious apps out.

How can this be?

 

[Hexic]

I have been told hundreds of times only Android apps do this, that the Apple App Store filters all malicious apps out.

How can this be?

Rose-tinted glasses and security assumptions about a particular operating system.

 

[IAMTHESTIG]

This is why I HATE company apps. Everyone has to have a stupid app, McDonalds, Target, Starbucks, whatever. YOU DON'T NEED AN APP! Just make a quality mobile website. They just make the apps to track you and gather as much info about you as they possibly can so they can get more money out of you.

I personally avoid apps on my phone and try to stick with stock everything as much as possible or purpose-built apps. I don't conform to all the "download our app" crap.

Infuriating.

 

[Kibaruk]

This is why I HATE company apps. Everyone has to have a stupid app, McDonalds, Target, Starbucks, whatever. YOU DON'T NEED AN APP! Just make a quality mobile website. They just make the apps to track you and gather as much info about you as they possibly can so they can get more money out of you.

Shame on them for trying to monetize on opportunities, am I right?

I completely understand, don't get me wrong it pissed me off too but you have to understand that the decision still falls on you and me, if you or I want those mcbucks (or whatever they give with the app) and if really want to install it or not.

And this has been going for longer than apps, it started with the loyalty cards, when we started giving the companies better ways to profile their customers for nothing (Yeah sure, if you buy enough stuff you can eventually get a chocolate).

I opt out for most of the tracking options (There are some that are worthwhile though, like when I made a big purchase of around $400, I got $140 of credit store which was really sweet).