It’s no secret that there are apps that record your movements on your phone. But despite the iPhone being known for its security, there are several popular iPhone apps from all types of major businesses that record your screen without your knowledge or at least without making it clear to you that that’s what they are doing. Some of these are using a customer experience analytics firm, Glassbox, that helps the apps keep an eye on you.
Glassbox helping Apps Collect Your Data
You may have resolved to not use Google or Facebook because of the knowledge that they’re collecting data on you, but it doesn’t really matter because so many other companies are doing the same thing. They’re just not as upfront about it.
Sure, it’s something that we may fear or even expect, but it’s still a shock somewhat when there’s evidence of it. TechCrunch found several apps from hotels, airlines, banks, even cell phone carriers, using Glassbox.
This includes Air Canada, Hollister, Expedia, Abercrombie & Fitch, Hotels.com, and Singapore Airlines. They all use Glassbox. It allows developers to embed “session replay” technology into their apps. This lets the developers record your screen and play it back so they can see how you interacted with the app and to figure out if something didn’t work as it was supposed to.
Glassbox itself said in a recent tweet, “Imagine if your website or mobile app could see exactly what your customers do in real time and why they did it.”
Air Canada isn’t even properly masking the session replays that were turned over to them, and that exposed passport numbers and credit card data.
They’d even reported a data breach before The App Analyst reported that the airline wasn’t masking their session replays. The expert wrote that the session replays let “Air Canada employees — and anyone else capable of accessing the screenshot database — see unencrypted credit card and password information.”
Glassbox lists these apps on their website as being their customers. TechCrunch asked The App Analyst to use a man-in-the-middle tool to look at those to see what data was being examined by them. Not all of them were leaking masked data, and none of the apps admitted they were recording user screens or that they were sending the data back to Glassbox.
The App Analyst said, “Since this data is often sent back to Glassbox servers, I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords.”
Some apps, such as Hollister and Abercrombie & Fitch, sent their session replays to Glassbox, but apps like Expedia and Hotels.com sent their session replay data back to a server on their own domain. That “mostly obfuscated” the data, but The App Analyst could still see some email addresses and postal codes.
It’s hard to tell which apps are recording users’ screens, as Tech Crunch didn’t find that in the privacy policies of these apps, and apps in Apple’s App Store all must have privacy polices.
Eyes Wide Open
“I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users’ data and who they share it with,” opined The App Analyst.
Sure, this is stuff that is expected by some, it’s sad to say. When major companies like Facebook and Google are knowingly using your data, what’s to stop these other apps from doing the same thing. So while companies should be letting users know, users should also be going into the process with their eyes wide open.
Do you use any of these apps? Are you about to delete them from your iPhone? It changes your thoughts on downloading apps, doesn’t it? Let us know your thoughts on iPhone apps secretly recording your screen with the help of Glassbox in the comments.