Some popular iPhone apps silently record your screen, report claims

0
149
Some popular iPhone apps silently record your screen, report claims

news image

Disclosure

Every product here is independently selected by Mashable journalists. If you buy something featured, we may earn an affiliate commission which helps support our work.

Some iPhone apps are hungrier for your data than others.
Some iPhone apps are hungrier for your data than others.

Image: ODD ANDERSEN/AFP/Getty Images

2016%252f09%252f16%252f6f%252fhttpsd2mhye01h4nj2n.cloudfront.netmediazgkymdezlza1.53aea.jpg%252f90x90By Stan Schroeder

The apps and online services you use sometimes gather your data and use it for analytics or advertising purposes. There’s no question about that. It’s a fact of life at this point. And it’s only a matter of whether you’ve been asked permission, whether your data is used fairly and in accordance with the law, and whether it’s transferred and stored securely. 

But a recent report by TechCrunch claims some popular iPhone apps fail on at least two counts. Apps from companies like Air Canada, Hollister, Expedia and Hotels.com record everything you do on your phone’s screen while you use them — often without asking for permission. 

SEE ALSO: iPhones are displaying fake ‘5G E’ indicators: Why it matters

These apps, TechCrunch has found (with the help of analytics company App Analyst), use technology from a company called Glassbox, which creates so called “session replays,” letting app owners see exactly how their customers behave while using the app. 

App Analyst’s experts took a peak at how some of these apps are sending this data, and found that not all of them properly masked sensitive data such as passwords. In the case of Air Canada’s app, there was an instance in which the app sent the customer’s credit card information completely unencrypted. TechCrunch says none of these apps ever warned the user it’s even recording their actions in the first place, nor do they mention it in their privacy policies

Glassbox doesn’t exactly hide what it does. The company’s Twitter bio states the following: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is Glassbox.”

As a customer, I'm not sure I'd ever sign up for this.

As a customer, I’m not sure I’d ever sign up for this.

Image: Glassbox/Twitter

In a recent tweet, Glassbox boasts about signing a deal with Air Canada, one of the apps TechCrunch has found to be among the worst offenders. 

Air Canada told TechCrunch that it is indeed collecting “user information entered in, and collected on, the Air Canada mobile app.” The company does this, its spokesperson said, to “ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips.”

A Glassbox spokesperson pointed out to TechCrunch that it “cannot break the boundary of the app,” but it did say it has a “unique capability to reconstruct the mobile application view in a visual format,” which it calls “another view of analytics.” 

It’s not the first nor the only company to provide a similar service; Android-focused Appsee does something similar. and it, too, was found to be used in a way that’s not always transparent for users. 

Most companies will say, when asked, that they’re only using your data to improve your experience. But even if their intentions are pure, they should still disclose exactly what they’re doing and take every measure to protect your data. This does not appear to be the case here. 

Read More

LEAVE A REPLY

Please enter your comment!
Please enter your name here