Popular iPhone apps are secretly recording your screen without permission

Popular iPhone apps are secretly recording your screen without permission

Many popular iPhone apps-including Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines-are using a technology called "session replay" from customer experience analytics firm Glassbox to record everything you do on your iPhone when using their app, reports TechCrunch.

The worst thing is that the apps do not clearly state that the screen could be recorded and require permissions to do so.

Shortly after it was discovered that Facebook and Google had misused their company certificate to install applications to monitor user activity outside the App Store, a new report appeared on apps that apparently recorded all the interaction of the users and sent them to the developers or to a service provider. Not only can they record activity, but they can also screenshot your screen as well as document when you tap, swipe, type or push buttons within the app.

The analytics software was developed by the company Glassbox, which advertises its services to customers by saying: "Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?" This technology essentially takes screenshots when you use their app and sends those back to the companies. But it's not the only app to gather information about what users are up to, and to feed this back to developers. But according to The App Analyst and TechCrunch, in some cases, it's possible for the app developers to actually see the information you enter into a screen, including credit card information and other data. This means anyone with access to these replays can access sensitive information.

Recently, the source said that they have found Air Canda's iPhone app was recording screen without properly masking the confidential data.

According to the expert, not every app was leaking masked data. But it would seem the apps in question don't make it clear in their policies that they might record a user's screen.

TechCrunch's investigation revealed that some of the other apps didn't mask email IDs and postal codes during session recordings.

Importantly, Tech Crunch noted that it's impossible to know if an app is recording your screens when you use their app.

TechCrunch found these apps via Glassbox's customer database. While collecting user data purely for creating better apps makes sense, it's also important that users are aware how much of their sensitive data could be escaping their device. These apps are associated with a number of specific large companies who have been using a service called Glassbox.

"Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips".

When asked by TechCrunch why their privacy policies failed to mention the screen-grabbing feature, each company responded with vague answers. The goal is allegedly the same, to see how customers interact with apps, to study their use of it, and, supposedly, to improve it.