Popular iPhone apps secretly record users’ screens without permission

Doris Richards
February 9, 2019

TechCrunch is reporting many iPhone apps-particularly travel apps-are secretly recording your screen, without your permission, including Air Canada's popular iOS app. "Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity", Apple said in an email to TechCrunch.

The report makes specific mention of apps from all the companies listed below, which record the action on the screen while inside the app.

The apps didn't say they were recording the screen.

You've probably already heard of some of the super creepy apps that have been downloaded onto people's phones, only for them to discover that they've been accessing the phone's camera or other software to spy on the user. Glassbox is one of the analytics companies that deploy session replaying technology into apps of its customers, which allows developers to see how its users interacted with the app in order to make improvements.

Glassbox's software records activity so that companies can redesign their apps for the best user experience.

Once a user's session is recorded on the device, it is sent back to the app developer. But that's a little hard to trust right now as recordings analyzed by App Analyst showed that extremely sensitive data such as credit card information and passport information were not properly masked.

Masking sensitive data sometimes failed in Air Canada session replays.

Air Canada had earlier reported that its mobile app had suffered a data breach which affected 20,000 users.

There may be several other apps that do the same.

However, Glassbox doesn't require customers to mention they're using screen recording technology in their privacy policies. These are effectively screen recordings extracted from users without their express consent.

Air Canada and Glassbox announced a partnership back in the fall of 2017, to use the latter's analytics platform within the airline's mobile app.

Among other companies, sending their "session replays" to Glassbox were Hollister and Abercrombie & Fitch, while Expedia and Hotels.com chose to send them to their own domain server.

However, Abercrombie said that using Glassbox "helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience", according to 9to5Mac.

It's not unusual for apps to collect your data whether it's to create targeted advertising, help with technical support, or to learn about the demographics of customers.

However, they often fail to ask for user permission and don't denote the shady activity in their privacy policies.

Additionally, the company said that "captured data via our solution is highly secured, encrypted, and exclusively belongs to the customers we support".

Other reports by Iphone Fresh

Discuss This Article