Published: Sat, February 09, 2019
Electronics | By Shannon Stone

Popular iPhone Apps Are Secretly Recording Your Phone Screen

Popular iPhone Apps Are Secretly Recording Your Phone Screen

As if it wasn't already creepy enough that these apps have the ability to spy on your phone use, in some instances, such as when you use the Air Canada app, your personal information is at risk of being breached.

Select iPhone apps have been using an analytics firm known as Glassbox to allow developers to use a tool called "session replay" that screen records a user's activity within the app.

A security researcher has been analyzing a tool developers can embed inside their iPhone apps that could allow them to see exactly how you use their apps.

On the other hand, the report also stated that most of the apps evaluated in this manner did not exhibit unmasked data.

Apps like Singapore Airlines and Hotels.com also use Glassbox's session replay technology in their apps. However, TechCrunch found that not all apps that are using Glassbox's tech are masking data fields properly, leaving sensitive information exposed in the screen recordings.

"Every tap, button push and keyboard entry is recorded-effectively screenshotted-and sent back to the app developers", TechCrunch reports. But according to The App Analyst and TechCrunch, in some cases, it's possible for the app developers to actually see the information you enter into a screen, including credit card information and other data.

Recently, the source said that they have found Air Canda's iPhone app was recording screen without properly masking the confidential data. But if the implementation is poor, these apps can leak customer data.

TechCrunch further added that none of the apps involved in capturing all this data discloses it to their users, even if they're doing it simply for analytics purposes.

As 9to5Mac noted, services like Glassbox have been around for a while, but Apple has yet to bring down the hammer; other companies that provide similar services named by TechCrunch included UXCam and Appsee.

While apps in the Apple App Store need to include a privacy policy, none of them mention anything about recording the usage of the app. Glassbox does not require Apple, nor the app user, to give it special permission.

Air Canada, in turn, said that it "uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips".

However, they often fail to ask for user permission and don't denote the shady activity in their privacy policies.

Among other companies, sending their "session replays" to Glassbox were Hollister and Abercrombie & Fitch, while Expedia and Hotels.com chose to send them to their own domain server. The goal is allegedly the same, to see how customers interact with apps, to study their use of it, and, supposedly, to improve it. The first step, he says, is having companies be more honest about how they collect their users' data and who they share it with.

Like this: