Apple Forces Developers to Remove Screen Recording Code From iOS Apps [Update]

I think you're reaching there. I think the user should be given the option to opt in to sharing analytics data (or at least an option to opt out) with the requirement that any identifying data is kept out. So it's not necessarily about the app capturing user data, it's the kind of data that app is capturing.

 

It was hidden. There was no message "we are now going to collect data about you" displayed.

--- Post Merged, Feb 8, 2019 ---

Proactively, they publish their rules, and if you violate these rules, whether Apple knows about it or not, you are in violation. Apple _could_ close your developer account for it. I'll check if I get a mail sent to _every_ developer that this kind of violation in the future will get their developer account shut down.

--- Post Merged, Feb 8, 2019 ---

Well yes, they spy on you, and you pay for it. Google is quite good at that game.

 

Actually, that is a very good point you've made there. If the data being sent back to the app developer includes a large portion of analytical data which was being collected stealthy without the users knowledge or permission, this means the user is paying more for their data use than they should be. Whilst the cellular companies may not be aware of what it going on with the apps in question, the user is being deceived on paying for data that they were not informed about (stealth analytical data). This deception is fraud and is against the law.

It means therefore people on limited data plans would be using up their data quicker than normal because a big chunk of the data being sent over the cellular network is stealthily recorded analytical data. Remove that portion of data and the users data plan lasts a lot longer.

If it can be proven that removing the analytical data reduces the size of the data being transmitted over the cellular network, this could have serious implications for the app developers because their actions in putting stealth collecting into their apps unintentionally helped to increase the profits of cellular companies due to having users topping up their data plans every month or so.

 

Well, I agree. Full disclosure is the only way to gain customer trust. The fact that an app can record screen interaction IS NOT BAD in itself. We have used this kind of feedback mechanism over the years, on customer activation only of course, to gain valuable insights into how a program is used.

For instance if you knew a feature is used 1% of the time, then you know not to invest time or money to develop or expand the feature, OR, you know that a feature needs to be improved. If you know a feature is used 99% of the time then you make sure you don't break it or enhance it to continue.

However, of course, if this data was captured without consumer consent then these apps should clearly be removed until they conform to a privacy policies that Apple's platform demand.

But I am SO TIRED of the FUD about all this, and Apple assuming that data gathering is automatically nefarious and bad. I am sure MOST of the apps involved were only using this data to gain insight as to how the customer uses their apps, and I don't see how this data is a violation of privacy or could be used in nefarious ways. The automatic guilty until proven innocent approach Apple is taking is not appropriate, not at all.

Customer feedback is an important tool that app developers can and should use to ensure they delivery the best product or service possible, and of course that should be explicitly asked of the user if they want to participate, but systematically criminalizing data feedback because Apple wants to discredit their competition and spread FUD and use Gestapo like tactics against anything that is NOT Apple is the epitome of ANTITRUST!

 

In that case many make Microsoft responsible because of Windows malware, they even say MacOS is better, so you even failed at your argument.

 

Data aggregators have been operating with impunity for so long and are
so drunk on the money being reaped they are ignoring the brewing storm
of approaching legislative controls and user backlash. My guess is Apple
management has finally recognized the backlash is imminent and are
posturing to look like the good guys. I remember when little being instructed
to avoid even the appearance of impropriety. Methinks Apple management
may realize that advice given to me nearly 90 years ago is still applicable
today.

 

*ANY* hidden data gathering behind my back is nefarious. There is nothing to discuss about it beeing evil.

 

The statement from Glassbox sounds like typical we've been caught guilty BS

 

You totally don’t understand what your talking about. There was no miss by QA. These are analytic tools available on all platforms, including android and the World Wide Web, what they should do is allow safari content/ad blocking extensions to also work against all external connections on every app.

 

without punishment the criminal will strike again with his mischief to society...

 

Whilst it can be argued that some of the customer data collected exceeds the remit of the app's purpose, it is not the data that is the biggest issue here, it is the fact that companies, with the help of 3rd party analytical collection companies and app developers, are arbitrarily making decisions on their customers behalf on what data they collect about them and do so in a clandestine and stealthy manner without the customer knowing what is being collected about them, why and how.

The example of Air Canada is important because as the original article pointed out, customers using Air Canada's app are of the belief that their sensitive data, full name, address and passport info is only being seen and used by Air Canada, but this has proven not to be the case because the company Glassbox that is only supposedly to collect analytical data, also gets sent the sensitive customer info as well.

The fact Glassbox made a statement saying all collected data is safe and complies with the countries laws on privacy, that is not the point, the point is they have access to private and sensitive customer info that they never should have had in the first place.

Update: Corrected the name of the company.

 

What I'm not clear on is how an app could record the entire screen to begin with. If Apple has an API to record the screen but then puts the onus on the developer to disclose that fact, then the solution is simple - modify the API so that anytime the screen is being recorded, the red icon appears automatically. (The mic does something like this, doesn't it?)

On the other hand, the original article on this seemed to indicate that the tracking activities simply used public APIs which are allowed to developers. So what that means is that basically Apple is now saying "We were told that you did this, we don't like that, so stop doing it." But how, honestly, would Apple know if a developer actually removed the tracking?

Remember this. Apple does not get access to your app's source code. The only thing they can do is actually use the app and gauge its experience, and evaluate which APIs it's using (to try to prevent use of private APIs). Unless Apple updated it, for the longest time the API usage was simply tracked by the names of the API functions as strings. There were some apps caught using string obfuscation to use private APIs (again, only after the media reported it). There have also been thousands of examples of apps sneaking in some backdoor hidden functionality (one early example was a flashlight app that doubled as a WiFi hotspot, back when carriers charged you for the privilege of using a hotspot on the data you already have allotted, and a file manager that hid an entire NES/SNES emulator).

The scary part is Glassbox's response - pure PR bullcrap. Of course anyone in that market is going to have some way to spin their behavior. It's like saying "Hey, I broke into your house and robbed you of all your valuables, but hey, I did you a favor and made your house more clean and spacious! My intent was not to deprive you of your big screen TV, but in the pursuit of helping you improve your living space I had no choice..."

And even if Apple is able to identify the current iterations of Glassbox, and even if they block screen recording, I fail to see how anything other than media attention will even notify Apple of apps doing things like recording and tracking taps and swipes. I could easily write an app in a few minutes that records the coordinates and direction of any tap and swipe and sends it to a server. An app can't function without being able to read user input, so it's going to be a tough API to lock down...

 

I still don't get it. You gave your credit card info to Air Canada and now you are concerned that their app (i.e. Air Canada) might figure out your credit card data? I understand that in this case different set of people (in the same company) may have access to the data and that's somewhat concerned but altimately you either trust the company or you don't.

 

What's the vetting process for applications allowed into the App Store? Does Apple proof the source code for submitted software? If so, how did this stuff escape the proofers' attention? If Apple does not inspect the sources, do they simply get developers to sign agreements that their software doesn't expose user data without user consent? If Apple truly was surprised at these revelations, then their application vetting process is flawed; otherwise, it's hard to see how Apple wasn't aware of the situation, indicating that they reacted only after poor publicity exposed the situation. It's not exactly a win-win. They either have a poor vetting process, or have been deceptive in their privacy claims.

 

Many are saying it's Apple's fault for allowing the API's to be able to do what they do. No it is not. The API's were built for legitimate uses in mind. Being able to write an app that not only collects numerous amounts of user data but also monitor where and when they press something on the screen and have the ability to hide itself in the background without anyone knowing except the app developer and the companies monitoring the data, is not what the general public would call a 'legitimate' use of the API's.

Should car manufacturers take the blame for allowing cars to go 100 mph (NO) or should the blame be with the person who takes the decision to abuse the 'tool' they have been given (YES)

No matter what is designed, people with nefarious intentions in mind will always find away to use the design in a way they was not designed to be used. The founders of Glassbox and companies like them are those type of people. They realised what could be achieved with the API's, designed it so their software works stealthy behind that of other companies apps then have the gaul to say 'we've done nothing wrong' and the excuse they will use 'if the API's were not designed to do it that way then why did Apple allow it to continue'.

Update: Corrected name of the company

 

Truth is it is used as a behavior analysis tool not a feature testing tool. Like google analytics but with much greater potential. Also that data could be sold to aggregators and be worth lots of money so abuse is to be expected. This kind of tools should be locked down by AppStore policy considering their advocacy for privacy.

 

I deleted apps on my iPhone.
I will never use those apps.
Scumbags

 

Still AppStore review process should have caught it. Seems to be a systematic flaw we will see if and how they fix it...

 

unfortunately there are still too many ”if you get caught, your account may be banned” - lucky this issue was fixed by asking them to remove such a feature, but there are still too many ”(only) if you get caught...” - issues still left. appstore is far a perfect or even stands any sort of privacy talking in a daylight. just a hype apple has managed to build. these few days has already shown how vulnerable the whole system was and still is.

 

Your just not getting it either, Air Canada is not the only company who has all that sensitive info, the 'man in the middle' company also has that info (Glassdoor). Air Canada has a legitimate reason to have all that sensitive info, the analytical company Glassdoor does not, but yet they do and admitted as such that they do (read the OP).

And this is the problem, anyone using the Air Canada app will know the company has all the sensitive info and thus if anything was to go wrong, the customer would naturally approach Air Canada to complain. Now it transpires that a 'man in the middle' company has been secretly been collecting that same information for 'analytical' purposes.

Remember, it's peoples perception of what they know should be happening and the horrible realization of what is actually happening. Air Canada, a flight company, needs names, address and passport info. Straight away our perception is that the company has to follow the law about keeping that information safe. We therefore put a level of trust in Air Canada to do just that. Then all of a sudden, a tech website releases a report that says this is not entirely true as there is also a hidden company collecting the same data, a company the wider populous knew nothing about until now. Does this company follow the same rule of law as Air Canada?, why is Air Canada allowing such a company to hide itself in it's app and collect the same info. it immediately throws out our perception of what should be happening and we immediately go into distrust mode.

 

...and it isn't certain whether or not Apple had been aware of this all along and only decided to respond once it was made public.

And it is only for those apps using Glassbox for analytics. There are many other apps out there using alternative methods for on-device analytics. This also doesn't include those apps that use server-side analytics.

IMO this story is more of a "Judas Goat" to draw attention away from the falacy that is "privacy on Apple platforms".

 

Did these "screen recording" apps also have access to the front facing camera and microphone?

 

Glassbox's response is hilarious. All I hear is "please don't make us obsolete and force our doors to close." Look, your fine Glassbox, but you NEED TO DISCLOSE when your doing it.

 

Fixes that for ya

 

I think that pretty much nails the new Apple - as long as the company continues to be _perceived_ as producing top notch quality products and software; as long as they are _perceived_ as standing behind their products with great customer service; and while they are _perceived_ as being a "walled garden" which protects customer privacy, they will continue to make huge profits based upon that perception, and will retain customer loyalty. That reputation was built not so much upon claims and advertising, but on the company's actions over time. What I've noticed on this forum lately is the increasing number of long time loyal Apple customers becoming dissatisfied over the last several years. That is not a good sign. It is no longer Windows/Android users trolling MacRumors who are bashing the company. Complaints are coming from long time Apple customers unsatisfied with lack of Mac Pro development, unhappy with QC problems with Mac laptops, unhappy with the loss of ports for the sake of a thin aesthetic, and now becoming disenchanted with privacy issues coming to the fore. The walled garden is showing signs of decay. But yes, there will be folks who will continue to point to Apple's profits of late as a sign of the company's strength. Cook and his cadre of high level executives probably won't be around a whole lot longer. They're getting older, and ultimately a new leadership will come into play. That will be an interesting sea change.