A hot potato: Apple has long positioned itself as one of the few tech companies that prioritize users’ privacy, but it appears that several popular iPhone apps don’t support that narrative. A recent investigation revealed how these programs are recording every action you perform within an app, including swipes, taps, and text input, while also putting sensitive data at risk.

TechCrunch, along with The App Analyst, found that some airline, hotel, and retail apps use embedded technology from a company called Glassbox, a customer experience analytics firm.

To show developers how customers behave in their apps, thereby allowing them to discover any issues, Glassbox uses session replays, which essentially record an iPhone screen without the owner’s consent or knowledge. This information is then sent to the devs, either directly or via Glassbox.

For some apps, including travel sites, sensitive customer information isn’t being transferred securely. This includes passwords and credit card data, which weren’t always properly masked when sent to Air Canada—a company that recently reported a massive data breach that exposed 20,000 profiles. The practice left the data vulnerable to man-in-the-middle interception techniques.

TechCrunch writes that none of the apps in question—Air Canada, Hollister, Expedia, Abercrombie & Fitch, Hotels.com, and Singapore Airlines—inform users explicitly about the data-gathering process, nor do they request permission or explain it in their privacy policies. Glassbox, on the other hand, is more open about what it does. "Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is Glassbox," states its Twitter bio. The company even mentions the Air Canada deal.

This sort of data gathering has been going on for a while now, and Glassbox isn’t the only company to offer such a service. Most developers say it’s the best way to improve their products, but failing to state clearly that the process takes place will doubtless concern users.