Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes

[a_f]

The level of people's surprise on hearing news like this is almost always inversely proportional to their understanding of the value of data. Not sure why this comes as a shock to so many.

Nevertheless, it is a sad reality.

 

[DNichter]

Why? they are all operating within the rules set by Apple for the App store.

It states in Apple's rules that you can secretly record the user's screen without their consent? If so, I would be surprised. Let me know where you see this though.

 

[WatchFromAfar]

It states in Apple's rules that you can secretly record the user's screen without their consent? If so, I would be surprised. Let me know where you see this though.

It's not up to me to prove it. Apple has a team of lawyers on staff that look over the T&C of their App store. If these apps are are allowed on Apples App store (after meeting Apple's T&Cs) take your distain up with Apple for allowing it.

 

[TracesOfArsenic]

It states in Apple's rules that you can secretly record the user's screen without their consent? If so, I would be surprised. Let me know where you see this though.

More pertinent is where does it explicitly say they can't do this? These apps were approved in the review process so Apple obviously deems them fit for purpose. Surely if they were in flagrant abuse of the rules they'd be banned or rejected in the first place (or it'd be picked up well before now).

 

[goobot]

You've missed the point; you may not like what they are doing but:

A) They've broke no laws.
B) They've haven't even broke app store rules.

People may not like it but here's quote from the article:

"all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes"

The onus is on the individual; take responsibility for what you install people and stop this childish "wah, wah I didn't know" mentality.

This particular situation may be technically alright but companies do shady things like this often that aren’t always legal.

 

[Banglazed]

Looks like Apple will crack down on these according to 9to5mac

 

[Heineken]

Looks like Apple will crack down on these according to 9to5mac

Apple has balls after all.

 

[pika2000]

You have it backwards. Apple should be the one warning users.

Are browser makers like Google and Microsoft warn users when websites are tracking all their movements? Like many have stated, visual analytics is nothing new.

 

[Elian_Gonzalez]

This all just keeps getting better and better.

 

[smartaleck]

We need serious regulation on privacy. Germany just passed legislation seriously curtailing facebook's ability to harvest data and it's long overdue. The issue here is lack of consent, not the alleged rights of corporations to monitor people in how they use their products. Corporations can PAY for proper UX testing rather than skimming the data of unwitting customers, or compensate people for harvesting their data when they explicitly consent.

 

[DNichter]

It's not up to me to prove it. Apple has a team of lawyers on staff that look over the T&C of their App store. If these apps are are allowed on Apples App store (after meeting Apple's T&Cs) take your distain up with Apple for allowing it.

Then change the rules. Easy enough.

 

[I7guy]

You've missed the point; you may not like what they are doing but:

A) They've broke no laws.
B) They've haven't even broke app store rules.

People may not like it but here's quote from the article:

"all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes"

The onus is on the individual; take responsibility for what you install people and stop this childish "wah, wah I didn't know" mentality.

That these apps broke no rules is not true. The privacy policy didn't align with the actions of the app and that broke app store rules, which is why apple is tightening and now adding additional protections.

 

[ipponrg]

It doesn’t have to be an api it could be a simple name and address form.

One simple question: how do you make network requests?

Back to the question about Facebook totally being banned from the ecosystem. I trust apple with my personal data, but it’s been shown time and time again for many years, apps, programs and websites can be used for nefarious purposes. Apple can’t police the internet.

That's not the point in question. This is about Apple policing their iOS apps in their app store and in their ecosystem. No one is talking about web apps here.
[doublepost=1549596069][/doublepost]

This particular situation may be technically alright but companies do shady things like this often that aren’t always legal.

To be a devil's advocate, they are legal if you spin it in the right narrative. This is where the lawyers would step in and duke it out.

 

[I7guy]

One simple question: how do you make network requests?

Not sure of the point of this question, but I used a framework and javascript communicating with a back-end server. Once the info hit the back-end server, I could post the stream to dark web, if I was a nefarious person.

That's not the point in question. This is about Apple policing their iOS apps in their app store and in their ecosystem. No one is talking about web apps here.


To be a devil's advocate, they are legal if you spin it in the right narrative. This is where the lawyers would step in and duke it out.

That is exactly the point. Now that this entire mess is out in the open, it was up to the developer to have a proper privacy policy of which these did/didn't to various degrees. Apple is still not banning screen recordings, just requiring disclosure and a red dot.

 

[macfacts]

So the only thing keeping personal data on a iPhone safe are honest devs that follow Apple's terms of service. ....

 

[opmisk]

No-one said it was "an Apple thing", Apple are'nt the ones doing it. However Apple sets rules in it's app store that allow other companies to do this.

Surely you can see why some people are bitter when they see Apple spouting non-sense about "privacy"?

Point being, if you’re only concerned about your iDevice, you’re not seeing the bigger picture. If you’ve browsed the web at least once in the past 10-15 years, your activities have been tracked as part of standard web analytics tools. ALL websites have done this for years, and continue to do so. Analytics and Big Data are the primary driver of web design and customer experience. Fortune 100 companies spends large %s of their budgets to build out advanced analytics to ultimately drive customer conversion on their site. This has been going on for years, the non IT public is just starting to get a peak behind the curtain.

 

[ipponrg]

Not sure of the point of this question, but I used a framework and javascript communicating with a back-end server. Once the info hit the back-end server, I could post the stream to dark web, if I was a nefarious person.

The point of the question is to gauge your understanding of what an API is, and no one should be scared of you streaming to the dark web based on your answer of "framework and javascript"

Apple controls the APIs that developers (or in this case Glassbox) uses. If Apple were truly concerned about the privacy of screen capturing, they would have disabled the ability to do so programmatically. But they won't because this will stunt creativity, innocent app developers, and the growth of their ecosystem.

I am convinced a big reason this is under fire right now is due to the media targeting Apple's rhetoric of "what happens in Apple stays at Apple".

 

[tech3475]

People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.

If you look at the actual apps, many of them are shopping apps or apps where you’re already a customer of their services.

Are you seriously suggesting that people should pay for apps like Expedia?

 

[orfeas0]

People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.

Free apps such as google and youtube are the cases you described. They use your data for ads and money.
But the apps mentioned in this article (Abercrombie & Fitch, Hotels.com, Air Canada, Singapore Airlines, Expedia), are not data-collecting companies! They sell products. They make their money from clothes, air tickets, hotels etc.
Sure everyone can earn some cash on the side with data collection, but it's not their main revenue.

Why is glassbox allowed in iOS? Why is screen recording -without consent- allowed...?

 

[I7guy]

The point of the question is to gauge your understanding of what an API is, and no one should be scared of you streaming to the dark web based on your answer of "framework and javascript"

How many apis does Apple support?

Apple controls the APIs that developers (or in this case Glassbox) uses. If Apple were truly concerned about the privacy of screen capturing, they would have disabled the ability to do so programmatically. But they won't because this will stunt creativity, innocent app developers, and the growth of their ecosystem.

I am convinced a big reason this is under fire right now is due to the media targeting Apple's rhetoric of "what happens in Apple stays at Apple".

Nefarious developers can do what they want with user data that the app reacts to. It doesn’t matter the method of what or how it was collected. THAT is the point, that creativity for misuse can be all there. To the above if no one should be concerned about posting info to the dark web, this shouldn’t make a damn bit of difference either.

 

[Intellectua1]

With all of the iOS security problems lately with apps, imagine how bad Android systems must be.

All breaches of security are bad, there's no such thing as one being worse than the other. If you continue to look at things the way you do you'll always find an excuse for security issues on iPhones/Apple products by simply pointing fingers at Google/Android. This is something that really needs to stop!

 

[luciferuk]

This sounds incredibly dubious. As an iOS dev myself, there is no way for me to continually record a customers screen, UIKit wouldn't allow an open ended session like this nor would it 'capture' without notification.

What's more likely happening is that the app records it's inputs and somewhere (call centre perhaps) is capable of simulating this playback. If you're using Apples native keyboard, they cannot see your key presses when the keyboard is visible as this would be a protected and completely different process than the app recording inputs.

I'm not surprised that this news article has no video evidence of this alleged screen capture happening because it's simply not possible with the current 3rd party development toolset.


[doublepost=1549543336][/doublepost]
If only you lived closer to me, I'd love to demonstrate showing you how much more secure browsing on your iOS device really is; you'd be blown away. iOS has a bounty program though where Apple pay fat stacks of cash to those that properly disclose and document vulnerabilities. Mac OS on the other hand? No such thing. One might ask themselves why this is and perhaps also why Apple has Mac computers right in its iOS sights. As for Windows well, they're better than they used to be lets go that far. My advice, stick with iOS. It has the biggest amount of cash behind it and is arguably the best OS on the planet.
[doublepost=1549543728][/doublepost]
I'm fairly certain Apple are doing what you expect them to do. Remember, every process that is built by a 3rd party for iOS must conform to the constraints of the 3rd party developer framework. We simply cannot write code outside of that. If the API does not support 'continuous screen recording without customers explicit consent' it just cannot happen and I assure you (until I see evidence which non of us have yet) it cannot happen unless some exploit has been found which in itself is worth a lot more money from Apple Security than it is from a news agency for the story.

The replies here just quote other articles 'claiming' it's happening. Show me a screen recording then, with privacy violations. Telemetry like what you report has been going on for years, with everyday websites; nothing here is new #scaremongering. Read more here: https://www.howtogeek.com/404605/are-apps-really-recording-your-iphone’s-screen/

 

[Phlapple]

No, but they do generally advise that your data and info from shopping are used to help better your experience, etc. It's said without being said.

Like when DJT said "every word out of my mouth is horses***.” Those weren't the exact words used, but most of us knew what he meant.

This is a load of ********. We all know it. Nowhere does it say we will monitor your ****ing keystrokes and ****.