Popular iPhone Apps Including Expedia and Abercrombie & Fitch Secretly Record Users' Screens

The home screen on the iPhone XS

They could also use this data in aggregate to see how people are using the app and which features they're using. These apps have been found to literally record your iPhone screen, without asking for your permission or notifying you about it. Companies utilize Glassbox to record user sessions to let developers see how an app is used, to get feedback on changes and errors.

According to TechCrunch's Zack Whittaker, numerous apps rely on Glassbox, a customer service analytics company.

According to Air Canada, this information "includes user information entered in, and collected on, the Air Canada mobile app".

TechCrunch's investigation revealed that some of the other apps didn't mask email IDs and postal codes during session recordings. Although as a result, he found that the data is often transmitted back to Glassbox servers rather than the appropriate app server. The session replays were potentially exposing passport numbers and credit card data in each replay session. So, not too bad. This means that there is absolutely no way the user can know their screen is being recorded by an app. Screenshots are sent back either directly to the company's servers or Glassbox's cloud.

Hotel.com's policy does not mention recording users' screens, nor does Expedia's. We didn't even find it in the small print of their privacy policies.

These apps are using Glassbox, which allows developers use something that's called "screen replay" which records the screen technology. So really, there's no way to know. In the case of Air Canada, the expert found the app wasn't masking replays from users' screens. Neither did Singapore Airlines.

In response to the findings, Abercrombie confirmed that Glassbox "helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience".

An Expedia spokesperson told Fox News that "Expedia Group brands are not actively using Glassbox services on any of our native applications for iOS or Android".

A security researcher has been analyzing a tool developers can embed inside their iPhone apps that could allow them to see exactly how you use their apps.

From a user experience perspective, this makes sense. Especially in high-revenue situations, this kind of data can help a company understand how and why their apps might not be working properly which could be costing them a hefty loss of profit. As a result, there is no way of knowing if the apps you use on your iPhone are recording every move you make and passing along personal data.

"I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with", said The App Analyst. Google is yet to comment, although its own rules are similar to Apple's: "Apps must not hide or cloak tracking behaviour or attempt to mislead users about such functionality", they contain.

What does SIA do with your data?

"Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips. This is specified under Clause 3 of our privacy policy which is available on our website". The technology is used to capture numerous screenshots during a user's session with the app.

That's a little clearer, perhaps?

At least now though, you should be informed when a company is about to secretly record your on screen behaviour.

Related:

Comments


Other news