A new report by TechCrunch along with App Analyst has revealed that many popular apps on iOS have been recording user sessions. The applications employed a third party app, Glassbox, that would record all sorts of user interactions down to swipes and taps. Not so surprisingly, this was done without seeking permissions from the user.
The idea behind implementing such monitoring is to know how the user uses the app. This includes what page they open, how long they stay, and how they make purchases. If a user backs out of a purchase, a screenshot is sent back to company for further analysis. TechCrunch said:
“These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.”
While they are not breaching any of Apple’s privacy policy, such a system poses serious threat to one’s privacy. For example, it was found that Air Canada was using Glassbox in their app. So they were getting screenshots of personal data like passport number and credit card. To make matters worse, few weeks ago, Air Canada disclosed that they lost data of 20,000 people in a data breach.
In addition to Air Canada, many popular apps including Hollister, Expedia, Abercrombie & Fitch, Hotels.com, and Singapore Airlines were found using Glassbox. TechCrunch also noted that while not every was sharing data, none had informed their users about such surveillance.
Apple hasn’t issued a statement yet and there are no laws in particular restricting this practice. However, this report might compel Apple to come out with a new policy to ban such practices. Apple’s recent dealings with Google and Facebook showed that they value privacy above everything, so let’s see how they combat this scenario.