An explosive investigation by folks at TechCrunch has revealed that many popular iOS apps have been secretly recording your iPhone and iPad screen for a long time, and they have been doing it without the explicit consent of users. They use so-called “session replay” technology to record your activities, including every swipe and tap you make while navigating their applications. Apple has warned them to fall in line as soon as possible or risk their apps being removed from the App Store.
Which popular iOS apps are violating your privacy?
What’s even more surprising is that most of the apps that record your screen activities don’t even ask for your permission. Nor do they disclose the recording in their respective privacy policies. This violates the App Store Review Guidelines. The App Store “requires that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”
Apple has told developers of such apps to remove the screen recording code as soon as possible or properly disclose the implementation of analytics tools that enable screen recording. If they don’t fix it, their apps will be removed from the App Store. According to TechCrunch, one developer was given less than a day to remove the recording code from their app.
An Apple spokesperson told TechCrunch, “We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary.” Apple takes user privacy seriously, so it wouldn’t mind pulling apps from the App Store that don’t comply with its guidelines.
Popular iOS apps such as Hollister, Abercrombie & Fitch, Expedia, Hotels.com, Singapore Airlines, and Air Canada use data analytics services such as Glassbox to record and play back how users interact with their apps. Glassbox data analytics tools can record on-screen taps, swipes, entries, navigation and more to provide app developers with detailed data on user interactions. Glassbox and other similar tools are embedded within native apps for evaluation and troubleshooting purposes.
End users of these popular iOS apps have no knowledge of their activities being recorded. Glassbox claims to mask sensitive data, but it doesn’t require its customers (the respective apps) to inform their users about screen recording. Glassbox “firmly believes” that app developers should disclose it to their users.
Even though Glassbox masks sensitive data, TechCrunch found that some critical data such as passport numbers, email addresses, and credit card numbers were still unmasked in many cases. This could lead to data leaks as a result of poor data handling by any of the popular iOS apps. None of the apps exposed by TechCrunch disclose their screen recording practices in their privacy policies.
To help improve the online customer experience
Glassbox said in a statement to MacRumors that it doesn’t “spy” on end users. Its primary goal is to improve online customer experiences. It collects data only to help its clients better understand how consumers use their services and where they are struggling. And that data collection process includes taking screenshots or recording the user’s screen to see how they interact with apps.
Apple requires apps recording a user’s screen to have a red icon in the top left corner to let users know that their screen is being recorded. If customers see that the app is recording their activities, they might become cautious or exit the app. Though TechCrunch has exposed only a handful of popular iOS apps, there could be many more that use the screen replay tools to record your activities. Besides Glassbox, UXCam and Appsee are the other popular providers of such analytics tools.
Apple CEO Tim Cook never misses a chance to highlight the iPhone maker’s commitment to user privacy. The company has encountered many privacy-related issues in the last few weeks. Late last month, Apple banned Facebook’s “research” apps after revelations that the social media giant was paying teenagers to collect all their smartphone data. Facebook had also misused its enterprise developer certificate to provide apps outside the App Store.
Recently, Apple found itself in the midst of another major controversy over a FaceTime bug that allowed callers to hear and see people on the other side of the call even if they didn’t pick up.