Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 6, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Multiple popular iPhone apps from major companies are using intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge, reports TechCrunch.

    Apps that include Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm that lets developers use "session replay" screen recording technology within their apps.

    [​IMG]

    Session replays let developers screenshot or record or a user's screen and then play back those recordings to see how users interact with their apps. Taps, button pushes, and keyboard entries are all captured and provided to app developers.

    Some apps, such as Air Canada, don't properly mask data that's recorded, exposing information like passport numbers and credit card information. Air Canada employees with access to the screenshot database can readily see this data.

    TechCrunch had mobile app expert The App Analyst look at some of the apps that Glassbox lists as a customer. Not all apps leaked masked data, and most appeared to be obfuscated, but there were instances where email addresses and postal codes were visible.

    "Since this data is often sent back to Glassbox servers I wouldn't be shocked if they have already had instances of them capturing sensitive banking information and passwords," The App Analyst told TechCrunch.

    As TechCrunch points out, all of the apps have a privacy policy, but not one makes it clear that they're recording a user's screen. Glassbox does not require special permission from either Apple or the user to record the screen, and without checking specific app data, there is no way to know if an app is doing this.

    Glassbox also does not require its customers to mention the usage of the screen recording feature in their privacy policies.
    There are other analytics companies that have practices similar to Glassbox, like Appsee and UXCam, and there are a lot of major companies that are using this kind of technology, based on their customer lists. This kind of tracking is also not limited to iOS apps -- it can be done on the web as well.

    With no way to detect that this is going on, all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes without clear privacy policies.

    Article Link: Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes
     
  2. brendu macrumors 68020

    Joined:
    Apr 23, 2009
    Location:
    USA
    #2
    This is partially why I use as few apps as possible. I’ll go on a website on my desktop with proper blockers in place if I need to. My phone is a minimal use device these days.
     
  3. pat500000 Suspended

    pat500000

    Joined:
    Jun 3, 2015
    #3
    Sue them. Too bad for expedia....used to love you.....now.....(throws up)

    Edit: what the hell is up with security and privacy?!
     
  4. Klae17 macrumors 65816

    Klae17

    Joined:
    Jul 15, 2011
    #4
    Apple do your thing! This is a violation of privacy. These app developers need to learn a lesson.
     
  5. borgqueenx macrumors 65816

    Joined:
    Jul 16, 2010
  6. DocMultimedia macrumors 6502

    DocMultimedia

    Joined:
    Sep 8, 2012
    Location:
    Charlottesville, VA
    #6
    It's really gotten impossible to browse or use apps with any semblance of privacy. Every company wants nothing but information in order to make more money. Oh well. Join or get left behind. ;)
     
  7. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #7
    Looks like Apple needs to tighten the app noose a little more. The App and MAS store is supposed to be a sandbox for many important reasons and privacy is paramount.
     
  8. pmau macrumors 65816

    Joined:
    Nov 9, 2010
    #8
    The news cycle is relentless. Time to start new stock buybacks ;)
    Sometimes I think this is all made up stuff.
     
  9. Heineken macrumors 6502a

    Heineken

    Joined:
    Jan 27, 2018
    #9
    If apple doesn’t remove these from the App Store and hit the kills witch on the ones the are on users phones I will be very disappointed.
     
  10. az431 macrumors 6502a

    az431

    Joined:
    Sep 13, 2008
    Location:
    Portland, OR
    #11
    People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.
     
  11. kagharaht macrumors 6502a

    Joined:
    Oct 7, 2007
    #12
    What? This is unacceptable and these apps needs to be removed now and disabled. Is this the full list?
     
  12. Kabeyun macrumors 68000

    Kabeyun

    Joined:
    Mar 27, 2004
    Location:
    Eastern USA
    #13
    I agree with websites over apps, but there’s no reason you can’t use iOS Safari with 1Blocker or other installed. On a Mac, I’m a big Little (heh) Snitch fan.
     
  13. Andres Cantu macrumors 68030

    Andres Cantu

    Joined:
    May 31, 2015
    Location:
    Rio Grande Valley in South Texas
    #14
    I think things like this happen when Apple starts being arrogant. We've got the FaceTime bug, and now this since then.

    Karma? Maybe just let your products speak for themselves?
     
  14. Brandhouse macrumors 6502

    Joined:
    Aug 6, 2014
    #15
    As a UX Designer, big fail by those companies secretly collecting data for analytical purposes and worse that sensitive data isn't masked. A user should always give permission that their sessions will be used to evaluate how we might create a better experience and it must be disclosed who will use that information and how. Working in finance, where all sensitive data from a user must be masked, e.g. using Hotjar and everything must be disclosed openly to the user.
     
  15. az431 macrumors 6502a

    az431

    Joined:
    Sep 13, 2008
    Location:
    Portland, OR
    #16
    There’s no App Store guideline that prohibits collecting usage information. To the contrary, Apple permits collection of usage information if the user consents.

    Consent is generally satisfied by providing a terms of service link and consent is basically continuing to use the app after being afforded the opportunity to review the terms.
    --- Post Merged, Feb 6, 2019 ---
    Apple’s arrogance is the reason why Expedia collects user data? Okay.
     
  16. Heineken macrumors 6502a

    Heineken

    Joined:
    Jan 27, 2018
    #17
    This is a load of ********. We all know it. Nowhere does it say we will monitor your ****ing keystrokes and ****.
     
  17. JonGarrett macrumors newbie

    JonGarrett

    Joined:
    Mar 27, 2016
    Location:
    New York, NY
    #18
    Why? You're the number one cheerleader around here promoting lies about Malware in the Play Store while the App store is so perfectly safe.

    So yeah, what happens on your iPhone stays on your iPhone unless you use apps or FaceTime and unless you live in Russia or China where servess are located that houses your data.
     
  18. az431 macrumors 6502a

    az431

    Joined:
    Sep 13, 2008
    Location:
    Portland, OR
    #19
    None of that crap protects you from the sort of data gathering that this article covers. All those “blockers” do is block certain cookies and ad related code. It’s still possible to collect your interactions, IP, location, device info, and more.

    And no, a VPN is no guarantee that your IP is hidden.
     
  19. DynoRunnerr macrumors newbie

    Joined:
    Jan 29, 2019
    #20
    Wait how is this a big deal ? You are in fact using the app, so they in fact know everything your doing. Remember only the app you are using can grab your screen, what’s the issue ? The developer built the app, knows what it looks like, knows what your pressing.. why is this news ? Is the information being transferred outside of the app developers control ? If so then I see it as a concern. This is no different than google analytics. It only captures that’s specific app. And this SDK is not specific to iPhone, it’s available for various platforms, including android. The good think about apples store is they can actually detect and remove all apps who are using this if they wanted too. Especially if this is not disclosed to a user
     
  20. Analog Kid macrumors 601

    Analog Kid

    Joined:
    Mar 4, 2003
    #21
    Wow, Canada just got added to the list of countries involved in cyber espionage... Who'da thought?
     
  21. User008 macrumors newbie

    Joined:
    Oct 24, 2015
    #22
    FTFA: “This kind of tracking is also not limited to iOS apps -- it can be done on the web as well.“
     
  22. chrisdazzo macrumors 6502

    chrisdazzo

    Joined:
    Apr 11, 2006
    Location:
    Colorado
    #23
    Whoops. In my last job, we used a tool called Decibel Insight which basically did the same thing, but we were cautioned to mask sensitive data like this, since it was built-in to the tool and allowed CSS element, regex string, etc. matching. Nice feature if you use it, and helps avoid issues and negative press like the above. The second we implemented Decibel, I personally made sure that all sensitive data was masked; there's no good UX, Analytics, or dev reason to unmask PII (personally identifiable info) - any conclusions about behavior or drop-off can be drawn without it. I know of no tool that by default tracks keystrokes on the web. The dataset would be ridiculously large and full of PII, which most companies (excluding Facebook I guess) would go out of their way to avoid tracking. As an analyst/analytics manager, I would avoid having to work with that mess in the first place because of its complexity.

    Also, if you're worried about a company you're already giving your email and/or zip code to (by typing it in) having that information in a different analytics tracking system... well, I can't help you. 99.999% of the time it will not be used by said company for nefarious purposes, cool your panties.
     
  23. 12643 macrumors newbie

    Joined:
    Jul 5, 2018
    #24
    This shouldn’t even be possible, from a programming standpoint, WTF Apple?
     
  24. mejsric, Feb 6, 2019
    Last edited: Feb 6, 2019

    mejsric macrumors 6502a

    mejsric

    Joined:
    Mar 28, 2013
    #25
    as long as no one goes to jail, they will find another way to mine and steal user data.
    can't imagine in android world.
     

Share This Page