Apple Forces Developers to Remove Screen Recording Code From iOS Apps [Update]

It's Glassbox not Glassdoor

And no they do not say that they get their hands on this data. Besides, they say that their tools provide the means for masking sensitive data (i.e. if used properly sensitive data would not be captured in a first place). this is what they said:

Glassbox and its customers are not interested in "spying" on consumers. Our goals are to improve online customer experiences and to protect consumers from a compliance perspective. Since its inception, Glassbox has helped organizations improve millions of customer experiences by providing tools that record and analyze user activity on web sites and apps. This information helps companies better understand how consumers are using their services, and where and why they are struggling.

We are strong supporters of user privacy and security. Glassbox provides its customers with the tools to mask every element of personal data. We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded -- just as contact centers inform users that their calls are being recorded.

Furthermore: No data collected by Glassbox customers is shared with third parties, nor enriched through other external sources.
Glassbox meets the highest security and data privacy standards and regulations (e.g. SOC2, GDPR), and all data captured via our solution is highly secured and encrypted.

We provide our customers with the ability to mask every piece of data entered by a consumer, restrict access to authorized users, and maintain a full audit log of every user accessing the system.

While the statement does not say explicitly that Glassbox does not get this data, it does not say that they do either. I do not see the reason for them to be getting this data. They provide the tools that companies (like Air Canada) could use to improve their apps. And they can do it in a careful manner without endangering user's sensitive data.

 

To get to some surface insights on Apple's developer guidelines, check out the following link. Analytics is one of the subtopics.

https://developer.apple.com/app-store/resources/

 

Depends on how you respond to various iOS privacy alerts, if and when an app tries to access such.

 

What is the "screen recording" app? Any app can record its own screen. As long as the app can't record the screens displayed by other apps, what's the problem? Also, these tools were developed to analyze UI efficiency. For example, they can help understand how often the users click the "wrong" buttons etc. thus helping the developers to understand if the UI is easy or difficult to use. Why would these tools use camera or mic? Any app can use the camera and mic with or without these tools (if you let it) but that's a different matter.

 

The issue is that the developers and/or companies for whom they work are not taking adequate steps in informing the app users that their data is being collected. Such disclosure should be clearly communicated prior to the purchase/installation of the app, and not cloaked in long tiny fine print paragraphs of unintelligible (to non-lawyers) legalese that one generally finds in the form of the EULA (end-user license agreement). The EULA is such a complex entity that a whole class of "EULA Generator" software is marketed for their composition (google "eula generator"). People need professional help or special software to generate these things, so how are they likely to be understood by "Joe EndUser")? Of course, a rather unsatisfactory alternative is just to assume that all or most apps track your usage, in which case substitute "Caveat Emptor" as a disclaimer (let the buyer beware). In the contemporary data age, with hackers, government entities, companies, app developers, and internet service providers all tracking your movements and communications through electronic devices, Caveat Emptor might be appropriate paradigm.

 

Because this behavior is normal. Many apps (and websites) collect lots of UI data to help fix bugs, improve UI, decide which features to update, help with customer support, target ads, etc. Very possibly including some of Apple’s own apps.

This issue here was with lack of disclosure, not explicit in developer EULA, etc. and sending the data to random 3rd parties.

 

Another PR nightmare.

Please, fire Tim Cook before it is too late! This will drive down sales even further.

 

Won’t have any affect at all, except on the inter webs, where people pick everything apart. Saying to fire Tim Cook, while putting it out in the universe, doesn’t mean it’s gonna happen. You have to be aligned with the universe and not the other way around.

 

2019 the year of the Apple crash!! Ahh!

 

I think people understand, Apple doesn’t misuse your personal information. And all apple software is safe.

The issue is “one bad apple” can spoil the bunch applies. There is no platform that is 100% safe, and no platform safer. That isn’t a fallacy it’s reality.

--- Post Merged, Feb 8, 2019 ---

Wait I thought 2018 was the year of the Apple crash. Everybody pretty much has it pegged when the market turned.

 

im pretty sure people who buy Apple products think they are in safe - that is thehype apple has managed to build. just go to the street and ask a question from random people if they think they are in safe by using apple devices... unless you meet a person who follows tech news, im quite sure the answer is ”yes”.

 

No, Apple does not have the source code. Source code is proprietary, and the property of the developers. It’s subject to trade secret and copyright protections. Apple receives binaries or bytecode representations of the app. There are automated checks run on the app to make sure that the app does not do certain bad things (like link to private frameworks that are not intended for use by developers). Human reviewers check that the app functions generally as it is supposed to, that it complies with various requirements of the developer program (use of certain copyrighted resources, not misleading in-app purchases, etc.). If the app connects to a back end server, the developer is required to provide a user account and login for use by the reviewers.

Developers are required to sign various contracts that say they will adhere to apple’s rules. If apple find substantial violations they terminate the developor from the App Store, potentially permanently.

There are many ways to game the system that have been eventually caught in some cases:

1) developers have put in code that causes the app to behave differently during review than it does upon release. This can be due to:

A) the server behaving differently before app release
B) the app detecting that Apple is running the app (based on IP address, date, user Id, etc.)

When these can be detected by finding suspicious linked packages and the like, Apple has from time to time done mass banning of such things.

2) developers changing the metadata for the app (the description, subscription pricing, etc.) after the app has been approved. Apple has responded by requiring metadata changes to accompany a new binary upload.

3) hiding things in the code that only show up in “Easter egg” fashion. For example, people have hidden MAME emulators and the like in code that can be triggered by typing in a code.

Given the thousands of app updates that are submitted every day, the reviewers cannot spend days reviewing each. In my experience, my apps are usually tested for somewhere between 15 minutes and several hours.

In the end, Apple relies on spot checking and the ban hammer, because it would be impossible to guarantee that no app can do no bad thing. Especially because some things are only “bad” (in apple’s eyes) if they aren’t properly disclosed in the app’s privacy policy or user agreement. The app reviewers are not lawyers; they can’t spend all day trying to figure out if the app’s behavior correctly is covered by the legal jargon in the app’s privacy policy, for example.

 

Group FaceTime bug
Is they knew it they would have fixed it, may be they missed it in testing.

--- Post Merged, Feb 8, 2019 ---

You are saying comparatively iOS/Mac OS are not safer/Secure compared to Windows/Android/Chrome OS (Privacy) ?

 

Hah, you have no idea who you’re talking to. I’m a full stack web designer and developer specializing in UI/UX. I already know this. Recording users screens is lazy and I would never do this with live users, and ESPECIALLY wouldn’t try to hide it. No way our lawyers would ever sign off on that and more than that I would never do it because it’s morally wrong. We do testing with users locally by either direct observation or recordings, but the users consent and are usually compensated with a gift card or something. As you said there are a lot of good analytics toolkits out there, but I don’t employ most of it on my sites because it’s creepy. I rely on my good instincts as a designer along with some A/B testing and observation to develop most of my comps. Many designers are too lazy and take this easy way out. The difference is that I respect my users.

 

How they know that is improving the customer experiences when they do not share any data? Just BS!

 

It’s not much better if my banking app discloses that they will track my actions and I have no choice but to accept this if I want to continue using said app for lack of a better alternative.

I would rather Apple just make the decision for me and unilaterally ban all apps across the board from doing this altogether. Make the tough decision for me so that I don’t have to.

 

Because app developers are willing to pay $$$ for the service to get the info?

 

That just means the service is improving the developers’ experience. So it depends on who they mean by “customer”

 

This is why I avoid using third party apps like a plague.

 

Egencia and Air Canada app updates came through. "Bug fixes and performance improvements", they say. I get that saying "We stopped watching your screen while you type" could be bad for PR, but personally I'd be more confident that the version I now have installed is safe.

Our customers aren't interested in spying on the women's shower, so I'm not sure what all the fuss is about with the cameras we installed...

 

Out of the box, most OTS analytics tracking software is pretty primitive without full setup. They at the very minimum collect how long a person has been on a page/screen.

It’s usually up to the integrator to fire custom events to convey the “screen recording” suite of data points.

There is no difference between using an OTS product vs rolling your own. Most companies will do variations of this because it’s a data driven approach to IA/UX and is what justifies a design decision.

If a IA/designer suggested a certain path based on their instincts and just a focus group (which ultimately may not even be your audience), they are playing with fire which is what most companies will not risk. You need to collect data from the actual product beyond A/B tests, focus groups, and instincts for informed decisions.

 

Maybe one day Apple will become a financial institution, a government, a hospital, an employer, a restaurant, and a house.

That way you are completely safe from the world.

 

Quite frankly there are many iOS users who choose Apple products mostly because of their stance on privacy and security. I'm sure Apple would like to keep their reputation in that area.

 

Looks like the Locked Garden is actually becoming a High Security Prison.....I prefer us not to be like China!!!!!!!

Apple let me have control of a actual file manager and some freakin mouse support on my expensive iPad Please and if I feel like using a screen recorder on any app I please...let me....I sure do on my android devices.

 

Again, these tools are not literally “recording screens”, and they can’t see “anything” you do on your device like you previously stated. These are browser based or mobile based UI tools that generally leverage js to capture UI events. There is nothing morally wrong with correlating button clicks, or specific paths with conversion %, for example. Now, if companies deploying these tools are not adequately masking NPPI data, that’s a legitimate compliance problem.